Configuring Azure AD for SAML in Posit Workbench#
RStudio is now Posit!
Our professional products have been renamed to Posit Connect, Posit Workbench, Posit Package Manager, Posit Cloud, and Posit Academy so it’s easier for folks to understand that we support more than just R. Please review our Blog post/FAQ to answer commonly asked questions about the rebrand.
Posit Workbench, formerly RStudio Workbench, is a registered app with Azure.
Configure Application in Azure AD#
Navigate to the Azure portal, go to Azure Active Directory.
In the left-hand menu, click App registration > Enterprise Applications and then select All Applications.
To add new application, click New application.
In the Add from the gallery section, type "RStudio Server Pro SAML Authentication" in the search box.
From the results panel, select RStudio Server Pro SAML Authentication and then add the app. You may have to wait several seconds while the app is added to your tenant.
In the Azure portal, on the RStudio Server Pro SAML Authentication application integration page, navigate to the Manage section and select single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.
On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, enter the values for the following fields:
a. In the Identifier text box, type a URL using the following pattern:
b. In the Reply URL text box, type a URL using the following pattern:
Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated mode:
In the Sign-on URL text box, type a URL using the following pattern:
On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click copy button to copy App Federation Metadata Url and save it on your computer.
Additionally, we recommend referencing the Azure documentation.
Update the Workbench configuration file with the following:File: /etc/rstudio/rserver.conf
auth-saml=1 auth-saml-metadata-url=<federation-metadata-URI> auth-saml-sp-name-id-format=emailaddress auth-saml-sp-attribute-username=NameID auth-saml-sp-base-uri=<RStudio-Server-URI>
Restart Workbench by running the following:Terminal
sudo rstudio-server restart
Any user who has been given access via Azure AD and has been provisioned on the Workbench server, should now be able to log in. For the above configuration, the username is the email address (converted to lowercase).