SSO (Single Sign-on) authentication policy

 

Single Sign-On (SSO)

Single Sign-On (SSO) authentication allows for quick authentication using your email address as the sole identifier.

When using Azure AD SSO, all you need is a Microsoft account to sign in with your email address on the RG Dashboard.

 

How to set up SSO as an authentication policy for users?

Go to the Management > Users menu from a node to manage your security and access policy.

Once on the user list page (of the selected node), click on the key to access the node's security policy.

Now you can choose authentication via the SSO mechanism or 2FA.

If none is chosen, then the node's authentication policy will remain the default policy, which is the standard authentication policy (login/password).

⚠️ Note that users for whom SSO is enabled will no longer be able to log in with their password.

As a result, some features will be unavailable or limited.

Please note: If SSO is disabled, users will be prompted to choose a new password the next time they log in.

 

Limitations

1/ Installation of the RG.exe Agent

Once you have enabled SSO, you will no longer have a password. Installing an agent via RG.exe or .msi will only be possible with the use of a deployment token.

You can generate this token in your user space.

 

When deploying the agent, the login will be token@token.tk instead of your email address, and the password will be the token you generated.

 

2/ Deployment with Recovery of the RG Agent

Please note that once SSO is enabled, it will no longer be possible to perform an agent deployment with recovery of history.

To perform this procedure, we recommend doing it from a user not associated with the SSO security policy (standard authentication policy).

Please note: You can create a service account to perform this procedure.

 

3/ API Token Creation

Once you have enabled SSO, you will no longer have a password.
You will not be able to access the creation of new API tokens.

If you have retained old tokens associated with your account, you can still use them; otherwise, you will need to do it from a user not linked to the SSO security policy (standard authentication policy).

Please note: You can create a service account to perform this procedure.