Skip to content

Configuring Azure AD for SAML in RStudio Workbench#

RStudio Workbench, formerly RStudio Server Pro1, is a registered app with Azure.

Configure Application in Azure AD#

  1. Navigate to the Azure portal, go to Azure Active Directory.

  2. In the left-hand menu, click App registration > Enterprise Applications and then select All Applications.

  3. To add new application, click New application.

  4. In the Add from the gallery section, type "RStudio Server Pro SAML Authentication" in the search box.

  5. From the results panel, select RStudio Server Pro SAML Authentication and then add the app. You may have to wait several seconds while the app is added to your tenant.

  6. In the Azure portal, on the RStudio Server Pro SAML Authentication application integration page, navigate to the Manage section and select single sign-on.

  7. On the Select a single sign-on method page, select SAML.

  8. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.

  9. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, enter the values for the following fields:

    a. In the Identifier text box, type a URL using the following pattern:
    https://<RSW-SERVER>/<PATH>/saml/metadata

    b. In the Reply URL text box, type a URL using the following pattern:
    https://<RSW-SERVER>/<PATH>/saml/acs

  10. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated mode:

    In the Sign-on URL text box, type a URL using the following pattern:
    https://<RSW-SERVER>/<PATH>

  11. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click copy button to copy App Federation Metadata Url and save it on your computer.

Additionally, we recommend referencing the Azure documentation.

Configure RStudio Server Workbench#

  1. Update the RSW configuration file with the following:

    File: /etc/rstudio/rserver.conf
    auth-saml=1
    auth-saml-metadata-url=<federation-metadata-URI>
    auth-saml-sp-name-id-format=emailaddress
    auth-saml-sp-attribute-username=NameID
    auth-saml-sp-base-uri=<RStudio-Server-URI>
    
  2. Restart RSW by running the following:

    Terminal
    sudo rstudio-server restart
    

Any user who has been given access via Azure AD and has been provisioned on the RSW server, should now be able to log in. For the above configuration, the username is the email address (converted to lowercase).


  1. We have renamed RStudio Server Pro to RStudio Workbench. This change reflects the product’s growing support for a wide range of different development environments. Please see our official Announcement and review our FAQ regarding the name change from RStudio Server Pro to RStudio Workbench. 

Back to top