Railnova supports Azure Active directory.
The activation/deactivation of those authentication methods is handled by Railnova Support Team, you can reach them at email@example.com or by clicking the support button directly on the website.
Pricing of the Azure Single Sign-On (SSO)
The Azure SSO is subject to a commercial support agreement to ensure that contact persons, service notifications, security upgrades, and migrations can be managed smoothly between the Client IT environment and the Railnova software platform.
If you desire a different SSO or LDAP integration than MS Azure SSO, Railnova offers custom integration plans, subject to a specific commercial agreement. Please contact firstname.lastname@example.org for any questions related to custom integrations.
Azure Active Directory
This authentication method delegates the Authentication and Authorization flow to the Azure Active Directory.
In order for the Azure Active Directory authentication method to be fully enabled you will need to:
Go to the Railnova admin and select the Company section;
Select Your Company in the list;
You should see a block for Azure Active Directory SSO login, if not please contact Railnova Support Team, the Azure Active Directory SSO authentication method has not been enabled for your company;
Register a new application with Azure AD, follow Microsoft’s Quickstart: Register an application with the Microsoft identity platform.
When asked to set a Redirect URL (sometimes referenced as Reply URL), use the one referenced in Railnova Admin under “Oauth azure redirect”. NB: the Redirect URL for the Railnova test instance is https://test.railnova.eu/auth/complete/rn-azuread-oauth2/
Create a Client secret, follow Microsoft's QuickStart: Configure a client application to access web APIs - Add Credentials to your web application. You want to generate a Client secret. Once generated, make note of this value.
Fill the Client ID and Secret in the Railnova Admin
Click on save on the Railnova admin and the Azure Active Directory SSO authentication method will be activated for your company.
In order to make the Authorization flow delegation works for Azure Active Directory SSO, you need to allow Railnova to load the AD Groups a user is a member of:
Follow Microsoft’s QuickStart: Configure the Azure AD Application Registration for group attributes;
In your Railnova company admin, you have to add OAuth Role Mapping;
External ID: The Object ID of the Group in Azure Active Directory;
Role: The Railnova Role you want to associate;
Order: Be careful of the mapping order, if a user is a member of multiple AD groups, the first one to match in the mapping will be associated.
Note on the combination of multiple Authentication methods
It is allowed to have more than one authentication method activated at one time. This option is often necessary for granting access to third parties and can be deactivated.
When having multiple Authentication methods activated (such as a password method alongside an SSO method), removing a user from your SSO provider won’t necessarily mean that a user has no more access to Railnova if he or she had set up a password previously.