Single Sign On with Azure AD

This feature is only available to Enterprise customers

Set up Azure Active Directory

1. Select Enterprise Applications from the left menu

2. Select New application

3. Select Create your own application

4. Add the name as Runn SSO and select Integrate any other application you don't find in the gallery

5. Select Single sign-on from the left menu

6. Select SAML

7. Under Basic SAML Configuration select edit

8. Add Identifier (Entity ID) as your company name with lowercase and dashes. For example, my-company

9. Add Reply URL as https://app.runn.io/users/auth/saml/callback (if you are using a subdomain, replace app with your subdomain)

10. Leave the rest blank and press Save

11. Under User Attributes & Claims press Edit

12. Edit the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name to be user.displayname and save

13. You are now finished the initial set up. You will need to ensure the right users & groups have access to the this enterprise app.

Set up in Runn

1. Visit Account Settings and press Edit

2. Add an Alias, which is used for easily identifying your account.

3. Turn on SAML SSO

4. Press Save

5. Edit account settings again, and you will see the SAML Settings box.

6. Add the Runn SSO Callback URL to the Reply URL in Azure AD if you haven't completed this step already

7. Copy the Identifier (Entity ID) [1] from Azure AD and paste into the Issuer field in Runn. In our example it was my-company

8. Copy the Login URL [4] and paste it into SSO Target URL within Runn

9. Download the Certificate (Base64) [3] and copy the value inside this. Add the value into IDP Certificate.
   This should be base64 encoded and start with
   -----BEGIN CERTIFICATE-----

10. Leave Email claim as the default value

11. Leave Name claim as the default value

12. Press the Save on the SAML Settings box

Testing and FAQ

See our general SAML help for information on testing and additional settings.