Topics included in this article:
Prerequisites
- If this is your first encounter with SCIM provisioning, check out the SCIM Setup for SSO article.
- The SSO setup must be completed prior to this SCIM setup. Please reference the Setting up SSO with Microsoft Azure AD article.
Steps
1. Navigate to the Rhombus Systems app, select "Users and groups," and click "Add user/group."
2. Next, add a user or a group with an email address and select a role for the user or group (roles must be previously created in the Rhombus Console).
2. Next, select "Provisioning" and "Edit Provisioning."
3. Under "Provisioning Mode," select "Automatic." The tenant URL and secret token can be found at the bottom of the Rhombus web console SSO/SCIM page here. The token will only be available once.
4. Under "Mappings," click "Provision Azure Active Directory Users." Open the advanced options menu and click "Edit attribute for customappsso."
5. Add a new row to the list called "roles" with type "string" and check the box for "Multi-Value." Then click "Save" at the top.
6. Go back to the "Provision Azure Active Directory Users" menu, and this time, select "Add new mapping." For Type, select "Expression" and paste the string below into the expression box.
AppRoleAssignmentscomplex([appRoleAssignments])
Under "Target Attributes," select "roles," then click "OK" and "Save."
Note: If you are provisioning a group of users, navigate back to "Provisioning" -> "Mappings" -> "Provision Azure Active Directory Groups," change enabled from "No" to "Yes," and then click "Save."
7. Assign users and groups to the application. From the Azure home page, navigate to "Azure Active Directory" -> "App Registrations" -> "All applications" -> Select "Rhombus Systems" app-> "App roles." Once there, click the "Create app role" button on the top.
8. Next, ensure the display name and value fields match the role name defined in the Rhombus console, then click "Apply" at the bottom:
Note: The role name within Azure cannot contain spaces, but the Rhombus role name can. The below screenshot demonstrates how you would enter the Super Admin Group role name within Azure.
9. Navigate to "Enterprise Applications"-> "Rhombus Systems" app-> "Users and groups" and check the select box for the user or group of users who need the new role and click the "Edit" button at the top.
10. In the "Edit Assignment" popup, click "None Selected" under "Select a role." Then, on the right side, select the corresponding role for that user or group, click "Select," and click "Assign."
11. Go to "Provision on demand," type the name of the new user or group, and press "Provision" in the bottom left to complete the SCIM provisioning.
After a few seconds, you should see something like this:
Helpful Links
- SCIM Setup for SSO
- Setting up SSO with Microsoft Azure AD
- Role Creation and Management
- How to Manage Users
Contact Support or Sales
Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.
Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.
Comments
0 comments
Please sign in to leave a comment.