What is an IDP / IAM
An Identity and Access Management (IAM) solution is a system designed to securely manage digital identities and access controls across various platforms and services. RecordPoint supports integration with any OpenID Connect-compliant IAM, enhancing our identity and access management capabilities. This integration enables clients to utilize their chosen IAM as the identity provider, streamlining access to RecordPoint through advanced features such as single sign-on and multi-factor authentication. This solution facilitates effortless user and group management by supporting multiple identity providers within the same region. Designed for organizations seeking a secure and efficient IAM solution, this flexible integration boosts security and user experience without complicating the existing IT infrastructure.
In this example, we will show how to set up Auth0 as the primary identity provider.
IDP Application prerequisites
The application should have the following configured by the customer:
- Scopes: openid, email, profile
- Grant types: Refresh Token, Authorization Code
- Redirect URI: https://{tenant}.records365.com.au/auth-oauth
- Signoff URI: https://{tenant}.records365.com.au/dashboard
- Token Endpoint Authentication Method: None
The token must return the following claims for the user:
- groups
- roles
- unique_name or preferred_username
- name
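As an added example (not RecordPoint or Auth0 code), the following pre-flight check inspects the claim set of an ID token returned by the IDP and reports anything that would break the integration described above: wrong issuer or audience, an expired token, or a missing groups, roles, name or username claim. It assumes the token's signature has already been verified by your OIDC library; the issuer, client ID and payloads below are constructed sample values.

```python
import time

# Claims the token must carry for RecordPoint (one of the username claims suffices)
REQUIRED_CLAIMS = ("groups", "roles", "name")
USERNAME_CLAIMS = ("unique_name", "preferred_username")
LIST_CLAIMS = ("groups", "roles")


def check_id_token_claims(claims, issuer, client_id, now=None):
    """Return a list of problems found in a signature-verified ID token payload.

    An empty list means the token satisfies the prerequisites listed above.
    """
    now = time.time() if now is None else now
    problems = []
    # The issuer must be the one shared with RecordPoint for this tenant
    if claims.get("iss") != issuer:
        problems.append(f"issuer mismatch: {claims.get('iss')!r} != {issuer!r}")
    # aud may be a string or a list; it must include our Client ID
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        problems.append(f"audience does not include client_id {client_id!r}")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    for name in REQUIRED_CLAIMS:
        if name not in claims:
            problems.append(f"missing claim: {name}")
    if not any(c in claims for c in USERNAME_CLAIMS):
        problems.append("missing claim: unique_name or preferred_username")
    # groups and roles are expected as arrays, not a single comma-joined string
    for name in LIST_CLAIMS:
        if name in claims and not isinstance(claims[name], list):
            problems.append(f"claim {name} should be a list, got {type(claims[name]).__name__}")
    return problems


# Constructed sample values (hypothetical tenant, not real identifiers)
ISSUER = "https://example-tenant.auth0.com/"
CLIENT_ID = "constructed-client-id"
SAMPLE_OK = {
    "iss": ISSUER, "aud": CLIENT_ID, "exp": 1_700_003_600,
    "name": "Jane Example", "preferred_username": "jane@example.com",
    "groups": ["records-team"], "roles": ["Records Manager"],
}
# Missing groups/roles/username and roles given as a string instead of a list
SAMPLE_BAD = {"iss": ISSUER, "aud": [CLIENT_ID], "exp": 1_700_003_600,
              "name": "Jane Example", "roles": "Records Manager"}

if __name__ == "__main__":
    print(check_id_token_claims(SAMPLE_OK, ISSUER, CLIENT_ID, now=1_700_000_000))
    print(check_id_token_claims(SAMPLE_BAD, ISSUER, CLIENT_ID, now=1_700_000_000))
```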
Provisioning a Tenant
This configuration requires coordinated tasks between the customer and RecordPoint.
Before you start, you must register the Records365 app within your Azure Active Directory and create an application.
Customer Actions
Create an application in Auth0
- Create an application in Auth0 that will be used for the tenant.
- Get Client ID and Issuer for later use.
Set up application users, roles, and groups in Auth0
For users to have access to RecordPoint, they need to be added to Auth0 and given access to the application. In addition, the following roles need to be created and assigned:
- Roles
  - Application Administrator
  - Records Manager
  - Records Visitor
Please see User Roles – RecordPoint for more information.
Register a tenant
To register a new Records365 tenant you need to be an Azure AD Global Administrator, because only that role can grant consent for Records365 to read the profiles of the users who will access Records365 and to authenticate them. Other roles in Azure Active Directory do not have the required permissions for this type of consent.
- Navigate to the Register page, e.g. https://{tenant}.records365.com.au/register.
- Log in with the Microsoft Entra ID credentials that this tenant will use (admin account).
- You will be directed to a consent page asking whether you allow Records365 to sign in and read the user profiles of your Azure Active Directory as part of the login process to Records365. Click Accept to grant the requested permissions.
When successful you will be directed to the Registration Success page. This will trigger our provisioning process and someone from the Customer Success team will be in touch once the provisioning is completed.
Share Application Details with RP
Provide RP with the Client ID and Issuer values for the application that this tenant will connect to.
Until the tenant provisioning process is completed, users cannot log in to Records365. Once the provisioning is completed, a Customer Success representative will get in touch and the ‘Getting Started’ section can be continued.
RecordPoint Actions
RecordPoint will set up your tenant and let you know when this is complete.
Log in and Setup
You can now log in to your new tenant!
Navigate to https://{tenant}.records365.com.au/login-oauth/<tenant-specific-name>
Here <tenant-specific-name> is the unique company name (the company name with the secondary identifier value appended, if one exists). RecordPoint will provide this value.
Examples:

| Company Name | Shared Entra ID | Secondary Tenant ID Value | Login URL |
|---|---|---|---|
| solrwinds dev | Yes | | /login-oauth/solrwinds dev-00000000-0000-0000-0000-000000000001 |
| solrwinds sit | Yes | | /login-oauth/solrwinds sit-00000000-0000-0000-0000-000000000002 |
| solrwinds pre-prod | Yes | | /login-oauth/solrwinds pre-prod-00000000-0000-0000-0000-000000000003 |
| solrwinds prod | Yes | N/A | /login-oauth/solrwinds prod |
FAQ
Is SCIM Supported?
SCIM is not currently supported for the RecordPoint platform. Users do not require an account; authorization will be performed by Microsoft Entra. Permissions for RecordPoint are managed through the RecordPoint platform's Security Profiles.
Does RecordPoint support global logout?
RecordPoint does not support global logout.