
Introduction
Rapport3 has traditionally offered a couple of authentication options for users to access the service. The first option is to have Rapport3 store the user passwords in the database and allow administrators, or users themselves, to amend the passwords as necessary. The second option, primarily used by on-site installations, is to integrate with the corporate Windows network logons.
Recent trends have seen more and more companies or corporations move to a centralised approach, utilising "the cloud" to provide common endpoints for services and resources. The natural progression of such services now combines cloud availability and scalability with private data by synchronising data between on-site and cloud systems.
To provide some integration with the growing demand for these services, Rapport now offers a new approach to authenticating against corporate accounts instead of the traditional database.
When moving away from an on-site Windows authentication setup to the Rapport3 "cloud" service, many administrators have raised concerns about security and user authentication. We are now pleased to announce the first wave of integration with the two most common providers of user accounts: Microsoft Azure and Google.
Microsoft Azure
If you have a Microsoft Azure Active Directory (AAD) available for use, either entirely hosted in the cloud or synchronised with an on-site master copy, Rapport can now utilise your corporate user accounts to validate your users. Such directories are commonly found using Azure subscriptions or Office365 online subscriptions.
Rapport3 will defer the responsibility of authenticating your users to the nominated AAD. This is done via the OpenID Connect extension for OAuth2, using the endpoint from the service listings found in your directory. Successful authentication of users is then subject to matching the external account to the Rapport3 staff record, either by implicit matching of email addresses or by explicit association of the two accounts.
In order to provide the most basic service for authenticating via Azure or Office365 we simply require the "tenant id" of the AAD used to authenticate your users.
Checklist for using Azure
If you answer yes to all the below, you can provide Support with your Tenant ID…
Have … Azure AD or Office 365?
Want … Automatic Mapping of Email Addresses to Rapport3?
Want … Manual Control of Account Association for Users?
Google
In a similar vein to the Microsoft Azure service, Rapport3 may now authenticate using Google as the authority. Again, this is done via the OpenID Connect extension for the OAuth2 endpoint for user accounts. Successful authentication of users is then subject to matching the external account to the Rapport3 staff record, either by implicit matching of email addresses or by explicit association of the two accounts.
Checklist for using Google
If you answer yes to all the below, you can provide Support with the relevant information…
Have … Use of Google Services?
Want … Domain Restriction?
Want … Manual Control of Account Association for Users?
Frequently Asked Questions
Q. Can I control who signs in?
A. Yes, you can disable an account in the provider to prevent logon.
Q. Is multi-factor authentication available?
A. Both of these providers allow the use of multi-factor authentication (that is, user name and password followed by some external proof via SMS or app). You will need to refer to the service documentation on how to achieve this for your setup, but this is generally an easy option to configure and does not impact the integration of the service with Rapport3.
Q. Is it secure?
A. All responses to the authentication challenge are verified with the provider using encryption keys discovered from their well-known endpoint. This allows Rapport3 to ensure that the response is secure and genuine.
Q. Can I log on to more than one provider at once?
A. During the transfer period it will be possible to log on to your Rapport account as well as your Azure or Google account, but once this process has been completed it is recommended that you only use one identity provider at a time.
Q. What happens when we enable SSO?
A. Provided you have been able to map through to the account successfully, you will be asked to agree to some terms and conditions. Once this process has been completed, you will be able to use Rapport3 via your Azure or Google account.