
Setting up SAML SSO in Admin Console

This document explains how to enable single sign-on (SSO) in the Admin Console using a SAML-supported app. Your SAML app acts as the identity provider (IdP) and LoginRadius as the service provider (SP).

Configuring SAML App

Each authentication system is unique and might require different configuration settings. Please use the following values for configuring LoginRadius as a service provider in your application to enable SAML flow.

  1. Log in to your SAML-supported app
  2. Enable and configure SAML as the single sign-on method
  3. Configure LoginRadius as a Service Provider in your application with the following values:
  4. Download the metadata for SAML configuration

Configuring LoginRadius Admin Console

  1. Log in to your LoginRadius account.

  2. Navigate to your team management section in LoginRadius Admin Console from here.

  3. Click on the + Add Team SSO button.

  4. Here, you can see two options.

Configure App

App Name: This is used to log in to the LoginRadius Admin Console.

Is ADFS: Active Directory Federation Services (ADFS) is supported only with the service provider-initiated login flow. Turn this on if you are using ADFS as your SAML-supported app.

Step-1: Fill in the form below if you are using the Configure App option:

a. Select any flow from Login Flow.

b. In ID Provider Binding, enter the value from the Identity Provider metadata file.

c. In ID Provider Location enter the IdP-Initiated Login URL which you will get from the SAML supported app dashboard or metadata file.

d. In ID Provider Logout URL enter the IdP-Initiated Logout URL which you will get from the SAML supported app dashboard or metadata file.

e. In Relay State Parameter enter the Relay State that will be used for the SAML response.

f. ID Provider Certificate: The certificate of the SAML-supported app, which acts as the Identity Provider in this case.

g. Enter LoginRadius' Certificate and Key in SERVICE PROVIDER CERTIFICATE.

note

The certificate and key can be generated using online tools, for example with Bits set to 2056 and Digest Algorithm set to SHA256.

h. For DATA MAPPING, select the LoginRadius fields (SP fields) and enter the corresponding SAML-supported app fields (IdP fields), e.g.:

Fields      Profile Key
Email       email
FullName    username

i. Switch off Email/Password Login: If you turn on Switch off Email/Password Login instead of the Enable only SSO option, login with email/password will not work, and only SSO login can be used to access the LoginRadius Admin Console.

j. Click on the Save button to save/add the configuration.

note

Please see ADFS, Azure AD, and Salesforce for specific examples of implementing SSO in the Admin Console using SAML.

  • To renew the Service Provider Certificate, click the designated "Renew Certificate" button. Once the renewal is completed, the updated expiry date and time will be promptly shown.

Configure From Metadata

To configure this by uploading a metadata file, click on the Configure from Metadata file option and upload the XML file containing the metadata for the SSO setup. After a successful upload, click the Add button.

The customer should have an account with the same email address in your SAML application as well as in LoginRadius before using your SAML application to log in to the LoginRadius Admin Console.