Topics included in this article:
Pre-Requisite: Azure Active Directory Subscription. To view the Microsoft documentation, click the links for Provision users and groups using SCIM or Configuring SCIM provisioning for Azure AD.
1. SCIM has been configured between the IDP (Azure AD, Okta ...) and Rhombus
2. JIT (Just In Time) SAML has been enabled on Rhombus
If the Role in Rhombus does not match the AD group name, there will be a mismatch error and Rhombus will not add the user, unless the role mismatch option is enabled in Rhombus.
Below are the steps necessary to setup single sign-on with Office 365/Microsoft Azure AD.
1) Access the Azure Active Directory Portal (https://aad.portal.azure.com/) and create a new application named "Rhombus Systems".
2) Assign users and groups to the application.
3) Ensure that corresponding roles have been created in the Rhombus web console that match the role names in AD in spelling, case and white space.
4) Edit the "Basic SAML Configuration" by copying and pasting the information from the SSO page on the Rhombus web console.
5) Edit the "User Attributes & Claims" so that the "Unique User Identifier" is set to "user.mail". Note: depending on the configuration of the user or group, this may need to be set to "user.userprinciplename".
6) Download the MetaData XML and paste it in the "IDP MetaData XML" field in the Rhombus Single Sign-On Settings page.
7) Edit The Metadata XML by adding the NameIDFormat Attribute as show below:
Add the following line in the XML within the IDPSSODescriptor as shown below
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
8) Click "Save"
9) Now when users try to login to Rhombus, they will be redirected to login through AD. If JIT is not enabled, each user will need to be created in Rhombus before logging in.
Comments
0 comments
Please sign in to leave a comment.