Microsoft Azure Active Directory

Introduction

Single Sign-On (SSO) functionality for enterprise customers is available to access Reimbi through a single authentication source, like Microsoft Azure Active Directory. This allows IT administrators to better manage team access and keeps information more secure. SSO is only used for staff account users. It has no impact on your requesters/candidates.

Reimbi uses SAML (Security Assertion Markup Language), a standard that permits identity managers, Microsoft Azure Active Directory for example, to safely pass authorization credentials to service providers like Reimbi.

Create a new SAML application

• Sign in to the Azure portal: https://portal.azure.com/
• Go to the Azure Active Directory service

• Click the Enterprise applications button and then click the New application

• Click the Create your own application button and enter "Reimbi" as the name

• Go to the Properties tab and upload Reimbi logo, which can be found here: https://www.reimbi.com/branding

SAML settings

• Navigate to the Single Sign-On tab and select "SAML".

• Next, click the Edit button.

• Enter the Identifier (Entity ID) and the Reply URL (Assertion Consumer Service URL)

• The Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) can be found at https://app.reimbi.com/users/~saml-sso/

SSO Attribute Mapping

Reimbi setup

Metadata URL

• Navigate to Company Settings, select the Integrations tab, and click the "Configure" link (https://app.reimbi.com/users/~saml-sso/). Then, choose Microsoft Azure Active Directory as the Single Authentication Source:

• Please upload Identity Provider metadata file and enter the Initiate Single Sign-On (SSO) URL which can be found here:

• Single Sign-On (SSO) URL value can be found here:

• Single Sign-On (SSO) URL should be entered here:

Log in to Reimbi using Single Sign On (SSO)

After a user is correctly provisioned in Microsoft Azure Active Directory, that user will need to start their initial Reimbi login from Microsoft Azure Active Directory.

After the initial login the staff user will appear on the Staff accounts page in Reimbi. Also after the initial login staff users can continue to login via Microsoft Azure Active Directory or login directly to Reimbi.

For direct Reimbi login, go to the login page (https://app.reimbi.com/account/login/). If the email entered belongs to a provisioned user, that user will automatically be redirected to sign in via Microsoft Azure Active Directory.

Default and additional permissions

Select the permissions that new staff users will be assigned by default. Individual modifications can then be made as needed on the Company Settings -> Staff accounts page.

Changes here have no impact on existing staff users.