
Single Sign-On (SSO) Guide for redOrange.ai

Updated over a month ago

1. Introduction

Single Sign-On (SSO) allows users to authenticate once with their corporate identity provider and gain access to redOrange.ai without needing to enter separate credentials. This guide covers how to configure and use SSO with redOrange.ai, supporting SAML 2.0 integrations with Google Workspace and Azure Active Directory (Azure AD).


2. Benefits of SSO in redOrange.ai

  • Simplifies user login experience by using existing organizational credentials.

  • Enhances security by centralizing authentication and enforcing corporate policies.

  • Supports automated user provisioning and de-provisioning, ensuring timely account management.

  • Reduces password fatigue and related helpdesk calls.


3. Supported Identity Providers (IdPs)

  • Google Workspace (via SAML 2.0)

  • Azure Active Directory (Azure AD) (via SAML 2.0 with automated user provisioning)


4. How SSO Works in redOrange.ai

  • Users access redOrange.ai and are redirected to their identity provider’s login page.

  • Upon successful authentication, the IdP sends a signed SAML assertion back to redOrange.ai.

  • redOrange.ai verifies the assertion and grants access based on the user's identity and assigned roles.

  • For Azure AD, automated user provisioning synchronizes user accounts between Azure AD and redOrange.ai.


5. Prerequisites

  • Administrative access to your organization’s Google Workspace or Azure AD portal.

  • redOrange.ai administrator privileges to configure SSO settings.

  • Access to download/upload metadata files or URLs for SAML configuration.


6. Configuring SSO in redOrange.ai

Step 1: Access SSO Settings

  • Log in to redOrange.ai as an administrator.

  • Navigate to Settings > Security > Identity Providers.

Step 2: Choose Identity Provider

  • Choose the provider type: Google Workspace or Azure AD.

Step 3: Provide IdP Configuration

  • In your IdP, configure the ACS (Assertion Consumer Service) and Entity URLs provided by redOrange.ai.

  • Upload the metadata XML file provided by your IdP into redOrange.ai.

  • For Azure AD, enable Automated User Provisioning by providing the Tenant URL and Secret Token, which are generated by redOrange.ai once Active Directory Sync is enabled.

Step 4: Test the Configuration

  • Save the settings and perform a test login using your IdP credentials.


For detailed step-by-step instructions, please refer to:


7. Automated User Provisioning (Azure AD)

  • Azure AD integration includes automated provisioning and de-provisioning of user accounts in redOrange.ai.

  • When users are added or removed in Azure AD, redOrange.ai synchronizes these changes automatically.

  • This ensures user lifecycle management is consistent and reduces administrative overhead.


8. User Experience with SSO

  • Users log in by clicking Sign in with [Google Workspace/Azure AD] on the redOrange.ai login page.

  • After successful authentication, users are granted access based on assigned roles and permissions.

  • Password management is handled by the identity provider; redOrange.ai does not store user passwords for SSO accounts.


9. Troubleshooting

| Issue | Solution |
|---|---|
| SAML login fails | Verify metadata and certificates; check time sync on servers |
| Automated provisioning not working (Azure AD) | Confirm API permissions and provisioning configuration |
| Users unable to access redOrange.ai | Ensure user is assigned access in IdP and redOrange.ai roles |
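
For the "SAML login fails" row, the following is an added example (not redOrange.ai's own code) that triages a decoded SAML Response you captured from a failed login: it compares the Destination and Audience with the ACS and Entity URLs from Step 3 and checks the assertion's validity window against the local clock. The URLs, the sample response and the 3-minute skew allowance are constructed assumptions, and the signature itself is not verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _ts(value):
    # SAML instants are UTC xs:dateTime values such as 2024-05-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(xml_text, entity_id, acs_url, now, skew=timedelta(minutes=3)):
    """Return findings for a decoded SAML Response; [] means none detected.
    `now` must be timezone-aware. Triage only: no signature verification."""
    root = ET.fromstring(xml_text)  # use only on responses you captured yourself
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("destination-mismatch")   # IdP holds a different ACS URL
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no-plaintext-assertion"]
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        findings.append("unsigned")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return findings + ["no-conditions"]
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < _ts(not_before):
        findings.append("not-yet-valid")          # this server's clock runs behind
    if not_after and now - skew >= _ts(not_after):
        findings.append("expired")                # clock runs ahead, or stale response
    audiences = [a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        findings.append("audience-mismatch")      # IdP holds a different Entity URL
    return findings

# Constructed sample, trimmed to the attributes the checks read.
ENTITY_ID = "https://sp.example.com/saml/metadata"   # placeholder Entity URL
ACS_URL = "https://sp.example.com/saml/acs"          # placeholder ACS URL
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://sp.example.com/saml/acs">
  <saml:Assertion><ds:Signature/>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

A "not-yet-valid" or "expired" finding on a response whose Destination and Audience match points at clock drift between the servers rather than at the metadata.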


10. FAQs

Q: Can I disable password login after enabling SSO?
A: Yes, administrators can enforce SSO-only login for added security.

Q: What happens if the SSO provider is down?
A: Users may be unable to log in until the IdP service is restored.

Q: Can I automatically provision users who are not explicitly added in the Entra ID Application?
A: Yes, by selecting the scope option in settings to sync all users and groups instead of only assigned ones, users not directly assigned in Entra ID will also be provisioned.


11. Contact Support

For assistance with SSO setup or issues, contact:
