Rublon

Secure Remote Access

By

Last updated on October 16, 2024

Overview

The purpose of this document is to enable Rublon Two-Factor Authentication (2FA) for users logging in to Envoy. In order to achieve that, you have to use Rublon Access Gateway. All required steps will be described in this document.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push N/A
WebAuthn/U2F Security Key N/A
Passcode N/A
SMS Passcode N/A
SMS Link N/A
Phone Call N/A
QR Code N/A
Email Link N/A
YubiKey OTP Security Key N/A

Before you start

You need to install and configure Rublon Access Gateway itself before configuring Envoy to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.

Configuration

Follow these steps to enable Rublon 2FA in Envoy.

Envoy

1. Log in to Envoy as global admin.

2. In the pane on the left, click Integrations.

3. Navigate to Single sign-on and click the Install button inside the SAML tile.

4. If installation has been completed and you have not been automatically redirected to the SAML configuration page, scroll up to the beginning of the page and click the Enabled integrations tab. Then click Configure.

5. In Fingerprint, enter a SHA1 fingerprint of the Rublon Access Gateway certificate (Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE).

Note

Certificate fingerprint must be in SHA1. 

Use openssl or an online converter of your choice to calculate a SHA1 fingerprint of your certificate.

6. In Identity Provider HTTP SAML URL, enter the value of SSO URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).

7. Copy the values of Assertion Consumer Service (ACS) URL and Issuer URL. You will need these values when configuring Envoy in Rublon Access Gateway. 

8. Copy the value of Sign On URL (SP-initiated only). You will be later using this link to log in to Envoy using Rublon 2FA.

9. We recommend you leave the Required checkbox unchecked at least until you have tested Rublon 2FA. When Required is enabled, only admins can log in using the traditional password. All other users can only log in using Rublon 2FA.

10. Click Save to add your SAML configuration.

Rublon Access Gateway

1. In Rublon Access Gateway, go to Applications → Add application.

2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.

Application nameEnter a name for the application, e.g. Envoy. The name will be displayed during Rublon 2FA.
Entity IDEnter the value of Issuer URL from Envoy. This is one of the values you have copied before.
Assertion Consumer ServiceEnter the value of Assertion Consumer Service (ACS) URL from Envoy. This is one of the values you have copied before.
Single Logout Servicehttps://envoy.com/
NameID formaturn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameID attributemail
Send AttributesNameID
Signature algorithmsha-256
Validate Authn RequestUncheck.
Sign responseCheck.
Certificate for signingSelect the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE.
Map attributesIn the IdP Attribute field, type E-Mail Addresses.

In the SAML Response Attribute field, type E-Mail Address.

3. Your configuration is now complete. You can log in to Envoy with Rublon 2FA.

Log in to Envoy with Rublon 2FA

1. Go to the Sign On URL (SP-initiated only) link. This is the Integrations → Enabled integrations → SAML → Configure link from Envoy you were asked to copy. The link has the following format:
https://app.envoy.com/a/saml/auth/example

Note

Alternatively, you can log in through the main site. Click Log in in the upper-right corner and then click Log in using Single Sign On after providing your email address.

2. You will be redirected to the Rublon Access Gateway login page.

3. Provide your username and password. Click SIGN IN. A window will appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.

4. You will be sent a push notification. Tap APPROVE.

5. You will be successfully logged in to Envoy.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Access Gateway

Rublon Access Gateway – Integrations