Set up SSO with SAML 2.0
To enable SSO with Ren, a client system administrator needs to create a new SSO connection within the client’s authentication system (IdP) and provide the required information to Ren. Ren will then enable the connection. Ren uses Auth0 by Okta to manage SSO connections (see details below).
Information for the Client
- Sign-On URL / Callback URL / Reply URL / Assertion Consumer Service URL: https://auth.rensystems.com/login/callback?connection=<connectionName> (<connectionName> will be provided to client by Ren IT)
- EntityID: urn:auth0:prod-rensystems:<connectionName>
- Ren uses “Signed SAML response and assertion” using RSA-AES256. See SAML certificate
Information Ren requires from Client
- List of all email domains used by client. (Ren will enforce SSO for these domains.)
- List of email domains returned by IdP.
- Attribute mapping: For attribute mapping, Ren suggests separate explicit mapping. Therefore, please provide attribute names of the 3 attributes sent:
  - First Name
  - Last Name
  - Email Address
- Sign-In URL (e.g. samlp.clientdomain.com/login)
- Signing certificate (SAMLP server public key encoded in PEM or CER format)
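A pre-flight check a client administrator could run over the items listed above before sending them to Ren. This is an added example, not Ren's or Auth0's code; the dictionary key names, the https requirement, and the sample values are assumptions, and only PEM input is handled (not binary CER).

```python
import base64
import re
from urllib.parse import urlparse

# Assumed key names for the hand-off data (hypothetical, not a Ren or Auth0 schema).
REQUIRED_ATTRIBUTES = ("first_name", "last_name", "email")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def preflight(info):
    """Return a list of problems found in the client's SSO hand-off data."""
    problems = []
    for key in ("email_domains", "idp_email_domains"):
        domains = info.get(key) or []
        if not domains:
            problems.append(f"{key}: list is empty")
        problems += [f"{key}: not a domain name: {d!r}"
                     for d in domains if not DOMAIN_RE.match(d.strip().lower())]
    for attr in REQUIRED_ATTRIBUTES:
        if not (info.get("attribute_mapping") or {}).get(attr):
            problems.append(f"attribute_mapping: no IdP attribute name for {attr}")
    raw = info.get("sign_in_url", "")
    url = urlparse(raw if "://" in raw else "https://" + raw)  # page's example has no scheme
    if url.scheme != "https" or not url.hostname:
        problems.append("sign_in_url: must be reachable over https")
    blocks = PEM_RE.findall(info.get("signing_certificate", ""))
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        problems.append("signing_certificate: contains a private key; send the certificate only")
    elif labels != ["CERTIFICATE"]:
        problems.append("signing_certificate: expected exactly one PEM CERTIFICATE block")
    else:
        try:  # structural check only: base64 body whose DER starts with an ASN.1 SEQUENCE
            der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
            if not der.startswith(b"\x30"):
                raise ValueError("not DER")
        except ValueError:
            problems.append("signing_certificate: PEM body is not base64-encoded DER")
    return problems

# Constructed sample; the key block body is a truncated placeholder, not real key material.
SAMPLE = {
    "email_domains": ["client.example"],
    "idp_email_domains": ["client.example"],
    "attribute_mapping": {"first_name": "givenName", "last_name": "", "email": "mail"},
    "sign_in_url": "http://samlp.client.example/login",
    "signing_certificate": "-----BEGIN PRIVATE KEY-----\nMIIB\n-----END PRIVATE KEY-----",
}

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)))
```

The certificate check is structural only; it does not parse the X.509 fields or check expiry.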
Context: How Ren sets up connection on Auth0 by Okta
See documentation from Auth0 by Okta.
Ren uses Auth0 by Okta to manage the SSO connections. The form for a new SAML SSO connection looks like the following: