KRMC offers the ability to connect to an external Azure or similar SAMLv2 authentication site.
NOTE: If you are using Multi-Factor with KRMC, you will still need to apply the MFA security after SAML authenticates.
Here's how to configure it:
- On your Microsoft Azure administrative account, select Add then Enterprise Application.
- Select Create you own Application.
- Select Integrate any other application you don't find in the gallery (Non-Gallery).
- From the Overview page, select Single Sign-On then select SAML.
- Now configure Basic SAML Configuration by selecting Edit.
- Configure the Identifier (Entity ID) to be https://krmc.kanguru.com/app.php/saml_login
- Configure the Reply URL (Assertion Consumer Service URL) to be https://krmc.kanguru.com/app.php/saml_login
- Configure the Sign on URL to be https://krmc.kanguru.com/app.php/saml_login
- Select Save.
- Leave the Default RelayState and Logout URL Blank.
- Next you need to select users and groups that have access to use this service. Please note that in order for a user to log into KRMC using SAML, they must have a user account in KRMC that matches their user account email address selected here.
- After selecting your users, log into KRMC as the Super Administrator (SA) and navigate to Settings -> Server Settings.
- Under the title SAML Settings you will need to complete 3 fields.
- Entity ID: This field can be located under Azure AD Identifier.
- SAML SSO URL: This field can be located under Login URL.
- Certificate: This can be located within the App Federation Metadata URL.
- Once you are looking at the metadata, look for X509Data. There will be a line starting with <X509Certificate> and ends with </X509Certificate>. You will need to copy everything in between into the field within KRMC. Do not add <X509Certificate> or </X509Certificate>
- You can choose to Allow administrators to login using KRMC, SAML only, or Both. This setting allows you to choose how administrators on KRMC are able to log into KRMC.
- KRMC Only requires admins to utilize their KRMC login credentials and does not utilize SAML. All attempts to utilize SAML will result in the login failing.
- SAML Only requires all Regular Administrators (RA) to only login utilizing SAML. All attempts to utilize standard KRMC login will fail.
- Both allows the administrator the ability to choose which login type they would like to use. Note that the SA will always be able to use both regardless of which option is select.
- After all fields have been completed within KRMC, select Save SAML Settings.
- Now go back to Azure and select Test.
- If you receive a message on the right side stating Testing sign in, please select Test sign in.
- If the settings have been enter correctly, you should now be able to log into KRMC using your SAML service.
Now you are ready to test it, send an email to Kanguru Support if you need further assistance at firstname.lastname@example.org or call us at 508-376-4245 option 2.