Your corporate login system can be integrated with RCS's account system by using the Single Sign-On (SSO) feature. SSO simplifies password management for account users, which is useful for organizations that have employees or contractors.
Just want to log in? Visit the SSO login page.
How it works
SSO is managed on your main RCS account. Once enabled, account users will authenticate through your SSO provider. Your main RCS account is used to create account users and grant them permissions. Password login for your account users is disabled. To log in, your account users must access the SSO login page, enter their email address, then log in through your organization.
Compatibility
SSO on RCS is made available through OpenID Connect. Your login provider must be compatible with OpenID Connect. Example compatible services include:
Other authentication technologies, such as SAML, are not currently supported.
Enabling SSO with OpenID
Log into the main RCS account that you want to use to manage SSO. Navigate to the Account/Users page. Follow the wizard in the "Single Sign-On" area.
You will need to provide the following pieces of information:
OpenID Provider URL
OpenID Client ID
OpenID Client Secret
Example Integration with Okta
Sign into your Okta Admin panel.
Under Applications, click on "Add Application", then "Create New App".
Select "Web" as the Platform, and "OpenID Connect" as the "Sign on method".
Enter https://my.rcs.is/openid/ as both the "Login redirect URI" and "Logout redirect URI".
Click Save.
Make sure to assign your users to the application via the "Assignments" tab.
Save the Client ID and Client secret from the General tab.
Next, return to the Account/Users page on RCS and begin the SSO setup.
OpenID Provider URL: https://<yourdomain>.okta.com/
OpenID Client ID: <Client ID>
OpenID Client Secret: <Client Secret>
Click "Enable SSO". Account users can now log in on the SSO login page.
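A pre-flight check for the three wizard values and the redirect URI, as an added example that is not RCS or Okta code. It assumes RCS locates the provider through OpenID Connect Discovery (the page does not say so); `check_provider`, `SAMPLE_DOC` and the `example` Okta org are constructed for illustration.

```python
# Added example: offline pre-flight check for the values entered in the SSO wizard.
# Assumption: the relying party locates the provider via OpenID Connect Discovery.
import json
from urllib.parse import urlsplit

RCS_REDIRECT_URI = "https://my.rcs.is/openid/"  # from the setup steps on this page
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "id_token_signing_alg_values_supported")

def discovery_url(provider_url):
    """Discovery document location for an OpenID Provider URL (issuer)."""
    return provider_url.rstrip("/") + "/.well-known/openid-configuration"

def check_provider(provider_url, doc, registered_redirects):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in doc]
    # The issuer in the document should be the URL entered (trailing slash ignored here).
    if doc.get("issuer", "").rstrip("/") != provider_url.rstrip("/"):
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    # Every endpoint must be HTTPS, or codes, tokens and keys could be intercepted.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlsplit(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    # A client that holds a client secret normally uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not offered")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider lists alg 'none' for ID tokens")
    # Providers compare redirect URIs as exact strings, trailing slash included.
    if RCS_REDIRECT_URI not in registered_redirects:
        problems.append(f"redirect URI {RCS_REDIRECT_URI} not registered exactly")
    return problems

# Constructed sample: a discovery document for a hypothetical Okta org "example".
SAMPLE_DOC = json.loads("""{
  "issuer": "https://example.okta.com",
  "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
  "token_endpoint": "https://example.okta.com/oauth2/v1/token",
  "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
  "response_types_supported": ["code", "id_token"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

if __name__ == "__main__":
    url = "https://example.okta.com/"
    print(discovery_url(url))
    print(check_provider(url, SAMPLE_DOC, ["https://my.rcs.is/openid/"]))  # consistent
    print(check_provider(url, SAMPLE_DOC, ["https://my.rcs.is/openid"]))   # slash missing
```

To check a real provider, fetch the URL returned by `discovery_url` and pass the parsed JSON as `doc`.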
Example Integration with Google Accounts
Google Accounts will allow you to use Gmail addresses for your account users. Your users must not have previously signed up to RCS with their Gmail address, otherwise adding them as an account user will not work.
First, you'll need to set up OpenID Connect on Google.
Sign into the Google API Console.
Create a project in Google Cloud. We'll call it "RCS Login".
Navigate to the "APIs" / "Credentials" section.
Create credentials for a new "OAuth client ID".
You will be prompted to give your application a name on the OAuth consent screen. This name is shown upon login.
Resume creating credentials for a new "OAuth client ID".
For "Application Type", choose "Web Application". You will be prompted for several fields.
Authorized JavaScript origins:
https://my.rcs.is
Authorized redirect URIs:
https://my.rcs.is/
https://my.rcs.is/openid/
Jot down the "Client ID" and "Client Secret" provided by Google.
If needed, additional documentation from Google is available here.
Next, return to the Account/Users page on RCS and begin the SSO setup.
OpenID Provider URL: https://accounts.google.com/
OpenID Client ID: <Client ID>
OpenID Client Secret: <Client Secret>
Click "Enable SSO". Account users on your account with email addresses ending in "@gmail.com" can now log in on the SSO login page.
Example Integration with Azure AD
Sign in to Azure and go to "Azure Active Directory"
Go to the "Overview" of your Default Directory
Go to "App Registration" (Link located in footer of "Overview")
Name it something along the lines of "RCS SSO"
Set the Redirect URI to https://my.rcs.is/openid/
Click "Register"
Now in your newly registered Application
Navigate to "Authentication"
Set Logout URL to https://my.rcs.is/openid/ and Save
Navigate To "Branding"
Set Home page URL to https://my.rcs.is/sso
(Optional) Set Terms of Service URL to https://www.rcs.is/legal/tos/
(Optional) Set Privacy Statement URL to https://www.rcs.is/legal/privacy/
Save
Navigate To API Permissions
Click "Add Permission"
Click "Microsoft Graph"
Click "Delegated Permissions"
Type "Directory" in search field and check "Directory.Read.All"
Type "Group" in search field and check "Group.Read.All"
Type "User" in search field and check "User.Read"
Type "email" in search field and check "email"
Type "offline_access" in search field and check "offline_access"
Type "openid" in search field and check "openid"
Type "profile" in search field and check "profile"
Click "Add Permissions"
Click "Grant Admin Consent for RCS" (Might Not Show Up Until We Setup RCS)
Navigate To "Certificates & secrets"
Click "New Client Secret"
Name it something along the lines of "SSO"
Set Expiration to whichever suits your use case best
Click "Add"
The Secret Key for the New Client Secret Will Only Be Available This Once. Please temporarily copy it to a text file
Navigate To "Overview"
Temporarily Copy "Application (client) ID" to a text file
Temporarily Copy "Directory (tenant) ID" to a text file
Login to RCS
Navigate to "Account"
Navigate To "Users"
In the "Single Sign-On" Form
Set "OpenID Provider URL" to https://login.microsoftonline.com/DIRECTORY_ID_GOES_HERE
- Replace the DIRECTORY_ID_GOES_HERE with the "Directory (tenant) ID" you copied to temporary text file from earlier
Set "OpenID Client ID" to the "Application (client) ID" you copied to temporary text file from earlier
Set "OpenID Client Secret" to the "Client Secret" you copied to temporary text file from earlier
Enable SSO
In the "Users" Form
Click the "Add New User" Button
- Add a User From Your Active Directory into the Add New User Form to allow this user to log in to RCS
Back In "Azure Active Directory"
Navigate to Your RCS SSO App if you're not already there
Navigate To "API permissions"
- Click "Grant Admin Consent for RCS" (Might Not Be There if Permissions Were Already Granted)
You're Done! Users will need to log in using the SSO Page. Only users added under Account/Users can access via SSO.