Skip to main content
Feedback

Single sign-on using Microsoft Entra ID (Azure Active Directory)

info
  • SSO is available only in the Pro Plus plan.
  • To manage users through SSO, contact support and request for user management restricted to SSO.

You can configure Single Sign-On (SSO) between Data Integration and Microsoft Entra ID (formerly known as Azure Active Directory). With SSO, users can seamlessly access Data Integration using the Microsoft Entra ID account.

Prerequisites

Ensure you have an active Microsoft Entra ID account with Administrative privileges.

SSO configuration requirements for Data Integration support:

  • Data Integration Account URL
  • SSO_PROVIDER_NAME (For example, Azure)
  • DEPLOY_ENVIRONMENT (For example, dev, prod)
  • DEFAULT_ROLE within Data Integration (For example, viewer/developer/admin, etc.)
  • METADATA_URL

If you do not have METADATA_URL:

  • ENTITY_ID_URL
  • SSO_URL
  • CERTIFICATE

Procedure

  1. Log in to your Azure Portal.
  2. Navigate to Entra ID in the top search panel.
  3. Select Enterprise Applications from the left-hand menu.
  4. Click New Application.
  5. Choose Create your own application.
  6. Enter the name "Data Integration".
  7. Choose "Integrate any other application you don't find in the gallery".
  8. Select Create and wait for the process to finish.
  9. Choose Single sign-on from the Getting started menu.
  10. Choose the SAML.
  11. Get the App Federation Metadata URL from the SAML Signing Certificate section.
  12. Use the Help menu in the Data Integration console to open a Support ticket. Include the App Federation Metadata URL and specify your preferred Default Role for new Data Integration users when they log in.
  13. You will receive Metadata and ACS endpoints for configuration from Data Integration Support.
  14. Configure SAML Settings in Azure:
    In the Basic SAML Configuration section, Click Edit:

  • Identifier Entity ID (Ends with Metadata): Example: https://auth.[console-region].rivery.io/[account-id]_Azure_AD_[console-region]/metadata

  • Reply URL (Ends with ACS): Example: https://auth.[console-region].rivery.io/[account-id]_Azure_AD_[console-region]/?acs

  • Relay State URL

Relay State URLRegion
https://console.rivery.ious-east-2
https://eu-west-1.console.rivery.ioeu-west-1
https://il-central-1.console.rivery.ioil-central-1
https://ap-southeast-2.console.rivery.ioap-southeast-2
note
  • Make sure to include the URLs provided by Data Integration Support.
  • Your Account ID is available in the Console URL: https://console.rivery.io/home/**[account-id]**/563f5b17b0a105467kle07a4we5435ff4c33. You do not need to change the URL; make sure it is yours.
  • Make sure to set all URLs and configurations without spaces or errors.
  1. Click Save and verify the status indicates SSO.
  2. Configure Attributes & Claims in Azure. In the Attributes & Claims section, click Edit:
  • Select Add new Claim
  • Create a new claim for every row in this table, totaling 6 claims.
  • Copy the specified parameters while ensuring case sensitivity.
NameSource Attribute
NameIDuser.userprincipalname
emailuser.mail
firstnameuser.givenname
lastnameuser.surname
nameuser.userprincipalname
Unique User Identifieruser.userprincipalname

Adding users to the application

Procedure

  1. Click Users and Groups under the Manage section from the left-hand menu.
  2. Select Add user/group.
  3. You can achieve automation by syncing with your existing Azure Entra ID groups or manually adding individual users using the tab on the left-hand menu.
  4. Click on Assign. These users will gain access to Data Integration through SSO.
  5. To complete the configuration and establish the connection to Data Integration, go to MyApps, select the app you created. You are directed to the Data Integration console Homepage.
note
  • All users and groups can be provisioned to Data Integration.
  • After setting up SSO, the default landing URL for your Data Integration console will be https://console.rivery.io/home/[account_id]/default_env, indicating that all users have access permissions to the default environment.
  • Make sure the Username and Last Name fields contain non-null values in the "Users" tab
On this Page