
Configuring Azure AD for SAML in Posit Workbench

Posit Workbench is a registered app with Azure.

Configure Application in Azure AD

  1. Navigate to the Azure portal, go to Azure Active Directory.

  2. In the left-hand menu, click App registration > Enterprise Applications and then select All Applications.

  3. To add a new application, click New application.

  4. In the Add from the gallery section, type "RStudio Server Pro SAML Authentication" in the search box.

  5. From the results panel, select RStudio Server Pro SAML Authentication and then add the app. You may have to wait several seconds while the app is added to your tenant.

  6. In the Azure portal, on the RStudio Server Pro SAML Authentication application integration page, navigate to the Manage section and select single sign-on.

  7. On the Select a single sign-on method page, select SAML.

  8. On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.

  9. On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, enter the values for the following fields:

    a. In the Identifier text box, type a URL using the following pattern:
    https://<RSW-SERVER>/<PATH>/saml/metadata

    b. In the Reply URL text box, type a URL using the following pattern:
    https://<RSW-SERVER>/<PATH>/saml/acs

  10. Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated mode:

    In the Sign-on URL text box, type a URL using the following pattern:
    https://<RSW-SERVER>/<PATH>

  11. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the copy button to copy the App Federation Metadata Url and save it on your computer.

Additionally, we recommend referencing the Azure documentation.

Configure Workbench

  1. Update the Workbench configuration file with the following:

    File: /etc/rstudio/rserver.conf
    auth-saml=1
    auth-saml-metadata-url=<federation-metadata-URI>
    auth-saml-sp-name-id-format=emailaddress
    auth-saml-sp-attribute-username=NameID
    auth-saml-sp-base-uri=<RStudio-Server-URI>
    
  2. Restart Workbench by running the following:

    Terminal
    sudo rstudio-server restart
    

Any user who has been given access via Azure AD and has been provisioned on the Workbench server should now be able to log in. For the above configuration, the username is the email address (converted to lowercase).
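
A check to run before restarting Workbench, added here as an example and not part of the Posit documentation: it parses rserver.conf text, flags leftover placeholders and non-HTTPS URLs, and derives the three values entered in Azure's Basic SAML Configuration. It assumes `<RSW-SERVER>/<PATH>` equals `auth-saml-sp-base-uri`; the function names, the sample host, `TENANT-ID` and `APP-ID` are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample; the host names, TENANT-ID and APP-ID are placeholders.
SAMPLE_CONF = """\
auth-saml=1
auth-saml-metadata-url=http://login.microsoftonline.com/TENANT-ID/federationmetadata/2007-06/federationmetadata.xml?appid=APP-ID
auth-saml-sp-name-id-format=emailaddress
auth-saml-sp-attribute-username=NameID
auth-saml-sp-base-uri=https://workbench.example.com/rsw/
"""

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_saml(text):
    """Return (problems, azure_urls) for the SAML settings in rserver.conf text."""
    conf, problems = parse_conf(text), []
    if conf.get("auth-saml") != "1":
        problems.append("auth-saml is not 1")
    for key in ("auth-saml-metadata-url", "auth-saml-sp-base-uri"):
        value = conf.get(key, "")
        if not value:
            problems.append(f"missing {key}")
        elif "<" in value or ">" in value:
            problems.append(f"{key} still contains a placeholder")
        elif urlparse(value).scheme != "https":
            # The metadata carries the IdP signing certificate; it must arrive over TLS.
            problems.append(f"{key} is not https")
    # Assumption: <RSW-SERVER>/<PATH> in the Azure fields equals the base URI.
    base = conf.get("auth-saml-sp-base-uri", "").rstrip("/")
    urls = {"Identifier": f"{base}/saml/metadata", "Reply URL": f"{base}/saml/acs",
            "Sign-on URL": base} if base else {}
    return problems, urls

if __name__ == "__main__":
    problems, urls = check_saml(SAMPLE_CONF)
    for name, url in urls.items():
        print(f"{name}: {url}")
    for problem in problems:
        print("PROBLEM:", problem)
```

The constructed sample deliberately uses an `http://` metadata URL so the check has something to report; the derived Identifier and Reply URL should match the Azure fields exactly.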