Using Alternative Identity Providers with RecordPoint

What is an IDP / IAM

An Identity and Access Management (IAM) solution is a system designed to securely manage digital identities and access controls across various platforms and services. RecordPoint supports integration with any OpenID Connect-compliant IAM, enhancing our identity and access management capabilities. This integration enables clients to utilize their chosen IAM as the identity provider, streamlining access to RecordPoint through advanced features such as single sign-on and multi-factor authentication. This solution facilitates effortless user and group management by supporting multiple identity providers within the same region. Designed for organizations seeking a secure and efficient IAM solution, this flexible integration boosts security and user experience without complicating the existing IT infrastructure.

In this example, we will show how to set up Auth0 as the primary identity provider.

IDP Application prerequisites

The application should have the following configured by the customer:

  • Scopes: openid, email, profile
  • Grant types: Refresh Token, Authorization Code
  • Redirect URI: https://{tenant}.records365.com.au/auth-oauth
  • Signoff URI: https://{tenant}.records365.com.au/dashboard
  • Token Endpoint Authentication Method: None

The token must return the following claims for the user:

  • groups
  • roles
  • unique_name or preferred_username
  • name
  • email
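As an added example (not RecordPoint or Auth0 code), the Python below checks that a token issued by your IdP carries every claim listed above (treating unique_name and preferred_username as alternatives) and that the granted scopes cover openid, email and profile. The sample token is constructed and unsigned, and its issuer, client ID and user values are placeholders.

```python
import base64
import json

# Claims RecordPoint requires in the token (from the prerequisites list above);
# unique_name and preferred_username are alternatives, so one of the two suffices.
REQUIRED_CLAIMS = ["groups", "roles", "name", "email"]
ALTERNATIVE_CLAIMS = ("unique_name", "preferred_username")
REQUIRED_SCOPES = {"openid", "email", "profile"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWT without verifying it.

    Signature, issuer, audience and expiry checks are the relying party's job;
    this only shows which claims the IdP actually emits for a test user."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def missing_claims(payload: dict) -> list:
    """Required claims absent from a decoded token payload."""
    missing = [c for c in REQUIRED_CLAIMS if c not in payload]
    if not any(c in payload for c in ALTERNATIVE_CLAIMS):
        missing.append("unique_name or preferred_username")
    return missing

def missing_scopes(granted: str) -> set:
    """Required scopes absent from a space-separated 'scope' value."""
    return REQUIRED_SCOPES - set(granted.split())

# Constructed, unsigned sample token (alg "none", empty signature). Issuer, client
# id and user values are placeholders; it deliberately lacks the "groups" claim.
SAMPLE_PAYLOAD = {
    "iss": "https://example-tenant.auth0.com/", "aud": "constructed-client-id",
    "sub": "auth0|constructed", "name": "Jane Example", "email": "jane@example.com",
    "preferred_username": "jane@example.com", "roles": ["Records Manager"],
}
SAMPLE_TOKEN = ".".join([_b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode()),
                         _b64url(json.dumps(SAMPLE_PAYLOAD).encode()), ""])

if __name__ == "__main__":
    print("missing claims:", missing_claims(decode_jwt_payload(SAMPLE_TOKEN)))  # ['groups']
    print("missing scopes:", missing_scopes("openid email"))  # {'profile'}
```

Run it against a real ID token for a test user once the application is configured; an empty list and an empty set mean the IdP emits everything RecordPoint expects.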

Provisioning a Tenant

This configuration requires coordinated tasks between the customer and RecordPoint.

Before you start, you must register the Records365 app within your Azure Active Directory and create an application.

Customer Actions

Create an application in Auth0

  1. Create an application in Auth0 that will be used for the tenant.
    • See: Create Applications in Auth0 (auth0.com)
  2. Note the Client ID and Issuer for later use.

Set up application users, roles, and groups in Auth0.

For users to have access to RecordPoint, they must be added to Auth0 and granted access to the application. In addition, the following roles need to be created and assigned.

  • Roles
    • Application Administrator
    • Records Manager
    • Records Visitor

Please see User Roles – RecordPoint for more information.

Register a tenant

To register a new Records365 tenant, you must be an Azure AD Global Administrator, because that role is required to grant consent for Records365 to read the profiles of the users who will have access to Records365 and to authenticate them. Other Azure Active Directory roles do not have the permissions required for this type of consent.

  1. Navigate to the Register page, e.g. https://{tenant}.records365.com.au/register.
  2. Log in with the Microsoft Entra ID credentials that this tenant will use (admin account).
  3. You will be directed to a consent page that will ask if you allow Records365 to sign in and read the user profiles of your Azure Active Directory as part of the login process to Records365. Click Accept to accept any requested permissions.

When successful, you will be directed to the Registration Success page. This triggers our provisioning process, and someone from the Customer Success team will be in touch once provisioning is completed.

Share Application Details with RP

Provide RP with the Client ID and Issuer values for the application that this tenant will connect to.

Until the tenant provisioning process is completed, users cannot log in to Records365. Once the provisioning is completed, a Customer Success representative will get in touch and the ‘Getting Started’ section can be continued.

RecordPoint Actions

RecordPoint will set up your tenant and let you know when this is complete.

Log in and Setup

You can now log in to your new tenant!

Navigate to https://{tenant}.records365.com.au/login-oauth/<tenant-specific-name>

Here <tenant-specific-name> is the unique company name, with the secondary identifier value appended if one exists. RecordPoint will provide this value.

Examples:

Company Name       | Shared Entra ID | Secondary Tenant ID Value            | Login URL
solrwinds dev      | Yes             | 00000000-0000-0000-0000-000000000001 | /login-oauth/solrwinds dev-00000000-0000-0000-0000-000000000001
solrwinds sit      | Yes             | 00000000-0000-0000-0000-000000000002 | /login-oauth/solrwinds sit-00000000-0000-0000-0000-000000000002
solrwinds pre-prod | Yes             | 00000000-0000-0000-0000-000000000003 | /login-oauth/solrwinds pre-prod-00000000-0000-0000-0000-000000000003
solrwinds prod     | Yes             | N/A                                  | /login-oauth/solrwinds prod

FAQ

Is SCIM Supported?

SCIM is not currently supported for the RecordPoint platform. Users do not require an account; authorization is performed by Microsoft Entra. Permissions for RecordPoint are managed through the RecordPoint platform's Security Profiles.

Does RecordPoint support global logout?

RecordPoint does not support global logout.