This article will cover the following topics:
Prerequisites
- If this is your first encounter with SCIM provisioning, check out the SCIM Setup for SSO article.
- The SSO setup needs to be completed prior to this SCIM setup. Please reference the Setting up SSO with Microsoft Azure AD article.
Steps
1. Navigate to the Rhombus Systems app, select "Users and groups," and click on "Add user/group."
From there, add a user with an email and select a role for them (those roles must be previously created in the Rhombus Console).
2. Next, select "Provisioning" and "Edit Provisioning."
3. Under "Provisioning Mode," select "Automatic." The tenant URL and secret token can be found on the Rhombus web console SSO/SCIM page here at the bottom. The token will only be available once.
4. Under "Mappings," click "Provision Azure Active Directory Users." Open the advanced options menu and click on "Edit attribute for customappsso."
5. Add a new row to the list called "roles" with type "string" and check the box for "Multi-Value." Then click "Save" at the top.
6. Go back to the "Provision Azure Active Directory Users" menu and this time, select "Add new mapping." For Type, put "expression" and paste the string below into the expression box.
AppRoleAssignmentscomplex([appRoleAssignments])
Under "Target Attributes," select "roles," then click "OK" and "Save."
Back out of this and go back to "Provisioning" -> "Mappings" -> "Provision Azure Active Directory Groups," change enabled from "Yes" to "No," and then click "Save."
7. Assign users and groups to the application. From the Azure home page, navigate to "Azure Active Directory" -> "App Registrations" -> "All applications" -> Select "Rhombus Systems" app-> "App roles." Once there, click the "Create app role" button on the top.
Next, make sure the display name and value fields match the role name defined in the Rhombus console, then click "Apply" at the bottom:
NOTE: The role name within Azure cannot contain spaces, but the Rhombus role name can. The below screenshot demonstrates how you would enter the Super Admin Group role name within Azure.
8. Navigate to "Enterprise Applications"-> "Rhombus Systems" app-> "Users and groups" and check the select box for the user(s) that need the new role and click the "Edit" button at the top:
In the "Edit Assignment" popup, click "None Selected" under "Select a role," then on the right side select the corresponding role for that user, hit "Select," and click on the "Assign" button.
9. Go to "Provision on demand" type the name of the new user and press "Provision" at the bottom left.
After a few seconds, you should see something like this:
10. Now with your SCIM configuration in place, your provisioning is good to go!
Helpful Links
- SCIM Setup for SSO
- Setting up SSO with Microsoft Azure AD
- Role Creation and Management
- How to Manage Users
Contact Support or Sales
Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.
Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.
Comments
0 comments
Please sign in to leave a comment.