This article covers how to set up SSO with Okta using the Rhombus console and the Okta console.
Okta SSO Options
Below is an image of the options offered for SSO in the SSO section of the Rhombus Console. Currently only the 'Use Single Sign-on' and 'Just In-Time User Creation' options work for Okta. The 'Add Users on Role Mismatch' option currently does not function properly.
- A Recovery User is a user account in your organization which bypasses SAML once enabled.
- It is recommended to leave 2 Super User Accounts as Recovery Users when enabling SSO, to ensure you have a method of logging in and disabling SSO in the event SAML encounters errors.
• Enabling a user account as a Recovery User is done during the SSO configuration process.
• Any user with a Blue Checkmark will be a Recovery User.
• When finished, select OK.
Setting up Okta with Rhombus is fast and easy. Just follow the quick steps below.
1. Navigate to the Applications tab on the right side of the home screen, type 'Rhombus' into the search bar, and select 'Rhombus Systems' (circled in red below).
2. On the next screen, hit the 'Add' button (circled in red below).
3. On the next screen, click the blue 'Done' button (circled in red below).
4. The Rhombus Systems application is pre-configured to pass Okta groups as part of the SAML assertion. In order to send user groups as part of the SAML assertion:
In Okta, select the Sign On tab for the Rhombus Systems app, then click Edit.
Select your preferred group filter from the roles dropdown list for the attribute. In our example we used the Regex rule with the value ".*" in order to send *all* groups to the Rhombus Systems instance.
5. Go to the 'Assignments' tab (circled in blue below), click on the 'Assign' button with the drop-down icon, and select the 'Assign to People' option.
6. Select the user(s) you want to assign the Rhombus app to by hitting the 'Assign' button:
Another popup will appear, and you will need to hit 'Save and Go Back'.
Lastly, hit the blue 'Done' button on the main 'Assign Rhombus Systems to People' screen.
7. Click the 'Sign On' tab within the application window (circled in red below)
8. Scroll down the 'Sign On' tab, click on the 'Actions' button, and then click on 'view IdP metadata' (seen below).
9. Copy the XML data in the tab that just opened up:
10. Paste the XML data into the 'IDP MetaData XML' box below, then toggle the 'Use Single Sign-On' button at the top to turn on, and then hit save in the upper right:
11. After adding the user in the Okta account to the Rhombus App, you will then have to add the user in the Rhombus console and apply a role to the user. This will give the user the ability to log in from the Okta application.