Tutorial: Microsoft Entra single sign-on (SSO) integration with Roadmunk

In this tutorial, you'll learn how to integrate Roadmunk with Microsoft Entra ID. When you integrate Roadmunk with Microsoft Entra ID, you can:

  • Control in Microsoft Entra ID who has access to Roadmunk.
  • Enable your users to be automatically signed in to Roadmunk by using their Microsoft Entra accounts.
  • Manage your accounts in one central location, the Azure portal.

Prerequisites

To get started, you need the following items:

  • A Microsoft Entra subscription. If you don't have a subscription, you can get a free account.
  • A Roadmunk subscription that's enabled for single sign-on (SSO).

Scenario description

In this tutorial, you configure and test Microsoft Entra SSO in a test environment.

Roadmunk supports SSO that's started by the service provider (SP) and by the identity provider (IDP).

To integrate Roadmunk into Microsoft Entra ID, from the gallery, add Roadmunk to your list of managed SaaS apps:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications > New application.
  3. In the Add from the gallery section, in the search box, type Roadmunk.
  4. Select Roadmunk from the results, and then add the app. Wait a few seconds while the app is added to your tenant.

Alternatively, you can use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration. Learn more about Microsoft 365 wizards.

Configure and test Microsoft Entra SSO for Roadmunk

Configure and test Microsoft Entra SSO with Roadmunk by using a test user called B.Simon. To make SSO work, you need to establish a link between a Microsoft Entra user and the related user in Roadmunk.

Here's an overview of how to configure and test Microsoft Entra SSO with Roadmunk:

  1. Configure Microsoft Entra SSO so that your users can use this feature.
    1. Create a Microsoft Entra test user to test Microsoft Entra SSO by using B.Simon.
    2. Assign the Microsoft Entra test user to enable B.Simon to use Microsoft Entra SSO.
  2. Configure Roadmunk SSO to configure the SSO settings on the application side.
    1. Create a Roadmunk test user so that you can link the counterpart of B.Simon in Roadmunk to the Microsoft Entra representation of the user.
  3. Test SSO to make sure the configuration works.

Configure Microsoft Entra SSO

Follow these steps to enable Microsoft Entra SSO in the Azure portal:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Identity > Applications > Enterprise applications > Roadmunk application integration page, find the Manage section, and then select single sign-on.

  3. On the Select a single sign-on method page, select SAML.

  4. On the Set up single sign-on with SAML page, select the pen icon for Basic SAML Configuration to edit the settings.

    Screenshot showing the Edit icon for Basic SAML Configuration.

  5. In the Basic SAML Configuration section, if you have an SP metadata file and you want to configure in IDP-initiated mode, follow these steps:

    a. Select Upload metadata file.

    Screenshot showing the link for Upload metadata file.

    b. Select the folder icon to choose the metadata file that you downloaded in step 4 of the "Configure Roadmunk SSO" procedure. Then select Upload.

    Screenshot showing how to choose the metadata file.

    After the metadata file is uploaded, in the Basic SAML Configuration section, the Identifier and Reply URL values are automatically populated.

    Screenshot showing the Basic SAML Configuration section. The Identifier field and the Reply URL field are highlighted.

    Note

    If the Identifier and Reply URL values aren't automatically populated, then fill in the values manually.

  6. If you want to configure the application in SP-initiated mode, select Set additional URLs. In the Sign-on URL field, type https://login.roadmunk.com

    Screenshot showing where to set a sign-on URL for SP-initiated mode.

  7. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML. Then select Download to download the metadata file, which contains the signing certificate, and save it on your computer.

    Screenshot showing the download link for the SAML signing certificate.

  8. In the Set up Roadmunk section, copy the URL or URLs that you need.

    Screenshot showing where to copy configuration URLs.
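The SP metadata file uploaded in step 5 supplies the Identifier (its entityID) and the Reply URL (its AssertionConsumerService location), so it is worth checking before upload. The following is an added example, not part of the original tutorial or of Roadmunk's tooling; the sample metadata, its URLs, and the allow-listed host are constructed placeholders, not Roadmunk's real values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: entityID and ACS URL are placeholders (assumption).
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_sp_metadata(xml_text, allowed_hosts):
    """Return (identifier, reply_urls, findings) for a SAML SP metadata document."""
    # SAML metadata has no need for a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    identifier = root.get("entityID", "")  # becomes the Identifier field
    findings, reply_urls = [], []
    if not identifier:
        findings.append("entityID is missing")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        url = acs.get("Location", "")  # becomes a Reply URL
        reply_urls.append(url)
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append("Reply URL is not HTTPS: " + url)
        if parsed.hostname not in allowed_hosts:
            findings.append("Reply URL host not in allow-list: " + url)
        if acs.get("Binding") != POST_BINDING:
            findings.append("Reply URL does not use the HTTP-POST binding: " + url)
    if not reply_urls:
        findings.append("no AssertionConsumerService (Reply URL) declared")
    return identifier, reply_urls, findings


if __name__ == "__main__":
    print(inspect_sp_metadata(SAMPLE_SP_METADATA, {"sp.example.com"}))
```

Compare the returned identifier and reply URLs with the values shown in the Basic SAML Configuration section after upload; any finding is a reason to stop and confirm the file's origin.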

Create a Microsoft Entra test user

In this section, you'll create a test user. You'll name the user B.Simon.

  1. Sign in to the Microsoft Entra admin center as at least a User Administrator.
  2. Browse to Identity > Users > All users.
  3. Select New user > Create new user, at the top of the screen.
  4. In the User properties, follow these steps:
    1. In the Display name field, enter B.Simon.
    2. In the User principal name field, enter the username@companydomain.extension. For example, B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Select Review + create.
  5. Select Create.

Assign the Microsoft Entra test user

In this section, you'll enable B.Simon to use Azure SSO by granting access to Roadmunk.

  1. Browse to Identity > Applications > Enterprise applications.
  2. In the applications list, select Roadmunk.
  3. On the app's overview page, find the Manage section, and then select Users and groups.
  4. Select Add user. Then in the Add Assignment dialog box, select Users and groups.
  5. In the Users and groups dialog box, in the Users list, select B.Simon. Then at the bottom of the dialog box, choose Select.
  6. If you expect a role to be assigned to the users, choose it from the Select a role drop-down menu. If no role has been set up for this app, the Default Access role is selected.
  7. In the Add Assignment dialog box, select Assign.

Configure Roadmunk SSO

  1. Sign in to the Roadmunk website as an administrator.

  2. At the bottom of the page, select the user icon, and then select Account Settings.

    Screenshot showing where to select user account settings.

  3. Go to Company > Authentication Settings.

  4. On the Authentication Settings page, follow these steps:

    Screenshot showing the Authentication Settings page.

    a. Turn on SAML Single Sign On (SSO).

    b. In the Step 1 section, either upload the metadata XML file or provide the URL for the metadata.

    c. In the Step 2 section, download the Roadmunk Metadata file, and then save it on your computer.

    d. If you want users to sign in only by using SSO, in the Step 3 section, select Enforce SAML Sign-In Only.

    e. Select Save.

Create Roadmunk test user

  1. Sign in to the Roadmunk website as an administrator.

  2. Select the user icon at the bottom of the page, and then select Account Settings.

    Screenshot showing how to open Account Settings for the test user.

  3. Open the Users tab, and then select Invite User.

    Screenshot showing the Users tab. The Invite User button is highlighted. In the open window, the Email and Role fields are highlighted.

  4. In the form that appears, fill in the required information, and then select Invite.

Test SSO

In this section, you test your Microsoft Entra SSO configuration by using the access panel.

In the My Apps portal, when you select the Roadmunk tile, you should be automatically signed in to the Roadmunk account for which you set up SSO. For more information, see Sign in and start apps from the My Apps portal.

Next steps

After you configure Roadmunk, you can enforce session control. Session control protects against exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access.

Learn how to enforce session control by using Microsoft Defender for Cloud Apps.