Corporate Single Sign On (SSO) is available to customers who are on our Enterprise tier. It allows you to use your corporate Identity Provider (IDP) to authenticate user sign in.
Prerequisite steps.
- You will need a verified domain name for your tenancy.
- Provide RKVST with the UUID and the verified domain name.
Once these have been met RKVST will enable SSO on your tenancy and configuration can begin.
Obtaining a verified name for your tenancy.
-
Email support@rkvst.com
-
Use an email address from the domain that you wish to verify
-
For example, mail us from @rkvst.com to verify the rkvst.com domain tenancy
-
- We will send you a confirmation email for your request.
Generic SSO configuration
Customer IDP config.
-
Create app registration in your IDP (typically named “RKVST”) with the following settings:
-
Auth type / sign-in method: OIDC
-
Application type: Web app
-
Login URI: https://app.rkvst.io/login
-
Callback URI: https://b2carchivistprod3.b2clogin.com/b2carchivistprod3.onmicrosoft.com/oauth2/authresp
-
Enable auth and refresh tokens for grant types (where appropriate)
-
-
Configure other settings according to customer IT requirements
-
Add users to the newly configured app registration
Customer RKVST config.
-
Go to Settings → General
-
Complete Enterprise Single Sign-on fields
-
Enter OIDC Config URL as per guidance from IDP
-
Enter client ID and secret from previously created IDP app registration
-
Enter issuer (this can be retrieved from the OIDC Config URL)
-
-
Click save. Note that it can take up to 15 seconds for the configuration to save.
The customer can now login using the SSO button in the RKVST login screen by providing their verified URL.