Topics included in this article:
- What is Single Sign-On?
- With currently added users, will anything in their account change when enabling SSO?
- How will enabling SSO affect current users? Is mixed authentication supported?
- Will existing users need to select the SSO option and if so will they need the “team name”?
- Can existing relationships be used if they are an active user in the SSO provider and in the Rhombus Group, and can their privileges be managed within the console?
- How do we deal with users that are not on the customer's domain but need to have access to Rhombus?
- For users added as Partners in my domain, can they use SSO somehow?
- What if the customer doesn’t want to use AD groups? Will that impact the integration?
- What is the meaning behind "Error: saml message invalid"?
What is Single Sign-On?
Single Sign-On, or SSO, is a way to sync sign-on across multiple applications, allowing you to log in to all applications with one user account and password.
With current users, will anything in their account change when enabling SSO?
Nothing will change for current users other than being redirected to the SSO login page when logging in. If they currently have a valid session, they will not be redirected to the SSO login page.
How will enabling SSO affect current users? Is mixed authentication supported?
Mixed authentication is not supported. Once SSO is enabled, all current users will be redirected to your SSO provider.
Will existing users need to select the SSO option and if so will they need the “team name”?
No - existing users do not need to click on SSO Login. New users who are not yet in Rhombus also do not need to click on SSO Login, as long as the team name matches the new user's email domain. If there is a user in your SSO provider who is not part of your domain, then only the SSO Login option needs to be selected for manual discovery.
Can existing relationships be used if they are an active user in the SSO provider and in the Rhombus Group, and can their privileges be managed within the console?
You can manage roles from the Rhombus console, but note that if a matching group is passed to Rhombus during user authentication, the user's role in the console will be updated automatically.
How do we deal with users that are not on the customer's domain but need to have access to Rhombus?
Customers can add third-party partners and send temporary account login URLs with expiration (Settings -> User Management -> Partners -> Add Third-Party Partner).
For users added as Partners in my domain, can they use SSO somehow?
Yes - you will need to add the email addresses of the users added in Partners to the SSO provider. For example, if the customer adds xyz@pd.gov to the @abccompany.com domain in the SSO provider, then xyz@pd.gov will use the SSO Login button, enter the email xyz@pd.gov and the team name "abccompany", and get authenticated with the customer's SSO.
What if the customer doesn’t want to use Azure AD groups? Will that impact the integration?
Users are not required to use Azure AD groups. As long as no Role has been created with a name matching the groups assigned to "Users" in Azure AD, Roles can be assigned to users manually in the Rhombus console.
What is the meaning behind "Error: saml message invalid"?
The error message indicates an incorrect SAML configuration on the customer's IdP side. If the customer can log in with SAML, the error will not occur. It appears when the customer has not completed SAML setup.
Helpful Links
Below are some helpful links that are commonly tied to this article:
- SCIM Setup for SSO
- Setting up SSO with Okta
- Setting up SSO with DUO
- Setting up SSO with OneLogin
- Setting up SSO with Google Workspace
- Setting up SSO with Microsoft Azure AD
Contact Support and Sales
Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.
Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.