Easy SSO (SAML and OAuth 2.0)
Available from version 11
Easy Redmine supports three major SSO technologies. SSO configuration is available in Administration >> Easy SSO.
Configurations may be set only by administrators that have access to the other side of the authentication chain, and in some cases have access to Easy Redmine server configuration.
Azure AD via SAML
SAML is used by and was tested with Azure Active Directory.
Configuration is done by clicking on EDIT at SAML Service provider and requires to enter information available to Azure AD admins.
Among the other settings, we'd like to recommend the following.
- Onthefly user creation - should be enabled, unless you already have all users from Azure somehow imported in the application
- Sign in button - should be enabled during your first attempts of configuration before rolling to production. It will ensure the user will always see login page with a button for SAML login, even in case of incorrect SAML configuration. It will help you with debug. If disabled, user is logged in automatically.
- Debug - should be enabled during configuration and testing.
As soon as this part is configured, you will be able to select it as the primary authentication method. Click UPDATE after selecting the correct method.
You may see another SAML option in SSO administration.
This means that you will authenticate into other application by credentials from Easy Redmine using SAML protocol. This option works in theory and was not tested. In case you are interested in such solution, a thorough analysis by our technicians is required. Without it, we do not guarantee correct functioning of this feature.
There is an easier option to log in to other systems via Easy Redmine. See next chapter.
This is a protocol is used by hundreds of well-known services, such as Google, Facebook and many many others.
Easy Redmine may act as
- identity provider - e.g. log in to Easy Redmine by Google credentials, or
- identity service - log in to other applications using credentials from Easy Redmine
You need to read OAuth 2.0 documentation of the other application to know what exactly to enter in each field. Of course, you need to have admin access to the other application to find the required information, such as token. Also, when setting Easy Redmine as identity service, you need to make proper configuration on the other application.
This SSO option was available also in previous Easy Redmine versions. However, its configuration is immensely complex and definitely requires advanced server admin experience and, as mentioned, access to Easy Redmine server => can't be used with Cloud solution.
Detailed Kerberos configuration is described in a separate knowledge article. Guarantees for correct functioning of Kerberos SSO may only be provided if the implementation was done by our technicians.