Azure AD SAML SSO configuration
Rewatch provides Single Sign-On (SSO) and SCIM Provisioning functionality for customers to access it through Azure AD. This allows IT administrators to better manage team access and keeps information more secure.
We use SAML (Security Assertion Markup Language), a standard that permits Azure AD to safely pass authorization credentials to service providers like Rewatch.
Azure AD setup
These are instructions for setting up Rewatch SAML SSO with Azure AD.
Set up the Rewatch app in Azure AD
- In the Azure AD portal, select `Enterprise applications` from the left-side nav.
- Next, select `All Applications` in the left-side nav, and click the `New application` button above the application list.
- Click `Create your own application` in the top-left.
- Enter `Rewatch` as the name of the application and select `Integrate any other application you don't find in the gallery`. Click
- When the application finishes creating, click `Single sign-on` in the left-side nav. Under `Select a single sign-on method`, select SAML.
- In the following screen, click `Edit` under the Basic SAML Configuration box.
- `Identifier (Entity ID)`
- `Reply URL (Assertion Consumer Service URL)`
- `Save`. When it completes, click the `x` in the upper right to close the Edit dialog.
- If prompted to test single sign-on, click `No, I'll test later`.
- Click Edit on the `User Attributes & Claims` box.
- Click the value to the right of `Unique User Identifier (Name ID)` to edit it.
- Change the `user.mail`, and click Save.
- Click the `x` in the upper right to return to the `Rewatch | Saml-based Sign-on` screen.
- Download the `Certificate (Base64)` in the `SAML Signing Certificate` box. You will need this to set up the SAML configuration in Rewatch.
- Copy the `Login URL` under the `Set up Rewatch` box. You will need this to set up the SAML configuration in Rewatch.
On the Rewatch channel admin page, click on the `Security` link in the sidebar. Paste the `Login URL` from Azure AD into the `IdP SSO target URL` field and paste the contents of the certificate you downloaded into the `IdP Certificate` field. Then, set the email domains that will redirect to your SAML provider on login. Finally, check `Enable Saml login for this channel`. Click Save.
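Before pasting the downloaded certificate into the `IdP Certificate` field, you can confirm that the file is intact and is the certificate your IdP is actually signing with. The following is an added example, not part of Rewatch's or Microsoft's tooling: it decodes a Base64 certificate export and compares its SHA-1/SHA-256 digest with a thumbprint copied from the IdP. It assumes the IdP displays a thumbprint for its SAML signing certificate; the file name `Rewatch.cer` is a placeholder.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def cert_der(text: str) -> bytes:
    """Return the DER bytes of the single certificate in a Base64 export."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    # Accept a bare Base64 body too, in case header lines were lost in copy/paste.
    body = blocks[0] if blocks else text
    body = "".join(body.split())  # drop CR/LF and stray whitespace
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid Base64: %s" % exc) from None
    # A DER certificate is an ASN.1 SEQUENCE, so it always starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER certificate")
    return der


def thumbprints(text: str) -> dict:
    """SHA-1 and SHA-256 digests of the certificate, as uppercase hex."""
    der = cert_der(text)
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


def matches(text: str, expected: str) -> bool:
    """Compare with a thumbprint copied from the IdP, ignoring ':' and spaces."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    return any(hmac.compare_digest(want, v) for v in thumbprints(text).values())


if __name__ == "__main__":
    import sys
    # Usage (placeholder file name): python check_cert.py Rewatch.cer "<thumbprint>"
    with open(sys.argv[1], encoding="ascii") as fh:
        print(matches(fh.read(), sys.argv[2]))
```

A `False` result or a `ValueError` means the file should be downloaded again rather than pasted into Rewatch.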
You can then test the SAML integration by clicking the Test SAML button. If you log in via SAML with the same email as your current admin user account, you will maintain the same admin privileges. Once logged in via SAML, you can enable `Enforce SAML-only logins for this channel`.
While SAML will automatically update user information whenever they log in, you can additionally set up SCIM to automate deprovisioning and group membership updates immediately after you make these administrative changes. We currently do not support SCIM integration with Azure AD.
Last edited on Jan 27th, 2021