Connect SAML/ADFS to Ronspot

Step 1 – Send Ronspot your SAML parameters

Ronspot uses the SAML setup for ADFS and requires the following 4 parameters, which you will find in your ADFS account.

  1. Entity ID: This is the global, unique ID for the SAML entity.
  2. Single Sign-on URL: The URL to use when performing the primary authentication.
  3. ADFS Certificate: This certificate file must be in .crt format and must be sent to your Ronspot technical contact.
  4. Single Logout URL: This is optional, but can be used to redirect the employee when they log out of Ronspot.

These details need to be passed to your Ronspot account manager, who will then arrange to have them configured in your account.

Step 2 – Set Ronspot access on your ADFS account

Once the above are sent to Ronspot and set on your account, add the following URLs into your ADFS account:

  1. Single Sign On URL – The location where the SAML assertion is sent with an HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL for your application.
    https://admin.ronspot.ie/member/Ssologin?acs
  2. Recipient URL – The location where the application may present the SAML assertion. This is usually the same location as the Single Sign-On URL.
    https://admin.ronspot.ie/member/Ssologin?acs
  3. Audience URI – SP Entity ID – The application-defined unique identifier that is the intended audience of the SAML assertion. This is most often the SP Entity ID of the application.
    https://admin.ronspot.ie/member/Ssologin
  4. Destination URI – Identifies the location where the SAML response is intended to be sent inside of the SAML assertion. This is useful to prevent malicious forwarding of responses to unintended recipients. This should be the same location as the Single Sign-On URL unless your application explicitly defines a specific value.
    https://admin.ronspot.ie/member/Ssologin?acs

Step 3 – Send Ronspot your SAML attributes

In your ADFS account, find the following user attributes and share them with Ronspot so that the service can run.

<saml:Attribute Name="user.email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">john.doe@example.com</saml:AttributeValue></saml:Attribute>

<saml:Attribute Name="user.lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Doe</saml:AttributeValue></saml:Attribute>

<saml:Attribute Name="user.firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">John</saml:AttributeValue></saml:Attribute>

<saml:Attribute Name="user.id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">123XYZ456</saml:AttributeValue></saml:Attribute>

Notes: These attributes need to be set up in the exact format shown above. For example, the email attribute must be set up as user.email and not user-email.
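
To check an ADFS configuration against Steps 2 and 3 before going live, the following added example (not Ronspot's own code) inspects an already base64-decoded SAML response for the expected Destination, Recipient, Audience and attribute names. The function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Expected values, copied from Step 2 and Step 3 of this page.
ACS_URL = "https://admin.ronspot.ie/member/Ssologin?acs"
AUDIENCE = "https://admin.ronspot.ie/member/Ssologin"
REQUIRED_ATTRS = {"user.email", "user.lastName", "user.firstName", "user.id"}

def check_response(xml_text):
    """Return a list of configuration problems in a decoded SAML response.
    Diagnostic only: the signature and validity window are not verified."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination is {root.get('Destination')!r}")
    recipients = {e.get("Recipient", "") for e in
                  root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {ACS_URL}:
        problems.append(f"Recipient values are {sorted(recipients)}")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)}
    if AUDIENCE not in audiences:
        problems.append(f"Audience values are {sorted(audiences)}")
    names = {e.get("Name", "") for e in root.iterfind(".//saml:Attribute", NS)}
    for wanted in sorted(REQUIRED_ATTRS - names):
        # Catch near misses such as user-email or User.Email.
        near = sorted(n for n in names
                      if n.lower().replace("-", ".").replace("_", ".") == wanted.lower())
        hint = f" (found {near[0]!r} instead)" if near else ""
        problems.append(f"attribute {wanted} missing{hint}")
    return problems

def sample_response(destination=ACS_URL, email_name="user.email"):
    """Constructed, unsigned sample response for exercising check_response."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in [(email_name, "john.doe@example.com"), ("user.lastName", "Doe"),
                     ("user.firstName", "John"), ("user.id", "123XYZ456")])
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{destination}"><saml:Assertion><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for issue in check_response(sample_response(email_name="user-email")):
        print(issue)
```

An empty list means the response matches the values on this page; it says nothing about whether the response is correctly signed with the ADFS certificate from Step 1.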