Skip to main content

Setting up SSO with Microsoft Azure AD

Rhombus Support
  • Updated

Topics included in this article:

 

Pre-Requisite: Azure Active Directory Subscription. To view the Microsoft documentation, click the links for Provision users and groups using SCIM  or  Configuring SCIM provisioning for Azure AD

 

Common Questions

Will users be provisioned when they are added to an AD group if the group is defined?
Users will automatically get provisioned in Rhombus if:
1. SCIM has been configured between the IDP (Azure AD, Okta ...) and Rhombus
2. JIT (Just In Time) SAML has been enabled on Rhombus
In either scenario, it is expected that the Users are assigned to Groups on the IDP side (Auzre AD, Okta ..) with matching Role names on the Rhombus side.
 
Do users need to be created in both AD and Rhombus for it to work?
This is not required as long as Users have matching IDP Group to Role name association.
 
What do I need to do on the Rhombus side before the integration?
You will need to create the user Roles in Rhombus. The group on the IDP side (Azure AD, Okta ..) and the Role name in Rhombus need to match. As an example, Users assigned to matching groups in AD will automatically get assigned to the matching Role with the similar name.
If the Role in Rhombus does not match the AD group name, there will be a mismatch error and Rhombus will not add the user, unless the role mismatch option is enabled in Rhombus.
 
 

Step by step Instructions

Below are the steps necessary to setup single sign-on with Office 365/Microsoft Azure AD.

1) Access the Azure Active Directory Portal (https://aad.portal.azure.com/)

 Office_365_SSO_1.png

 

2) + New Application -> Non Gallery Application

Office_365_SSO_2.png

3) Name the Application Rhombus Systems and assign Users or Groups that are allowed to access Rhombus

4) Fill in the Single Sign-On details as show below

Office_365_SSO_3.png

 

Office_365_SSO_4.png

 

5) Download the MetaData XML

Office_365_SSO_5.png

 

6) Copy the MetaData XML and paste it in the Rhombus Single Sign-On Settings Console

(accessible by going to Settings -> Single Sign-On)

Office_365_SSO_6.png

 

7) Edit The Metadata XML by adding the NameIDFormat Attribute as show below (This needs to be done as Office 365 XML generator has a bug)

Add the following line in the XML within the IDPSSODescriptor as shown below

 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

Office_365_SSO_7.png

 

8) Click Save

Office_365_SSO_8.png

 

9) Everything should now be all set!

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk