Overview
Rhombus is migrating our console domain from rhombussystems.com to rhombus.com. This article covers the general setup steps to update your SSO settings to ensure the migration does not prevent your users from being able to log in via SSO.
Setup
When changing your SSO settings, you can choose to delete the existing Rhombus settings and recreate them, or you can clone them to guarantee there is no down time during the change. This section covers how to clone your SSO settings.
1. Log in to the Rhombus Console, navigate to "Settings," and click "Single Sign-On."
2. Open the "Single Sign-On" dropdown menu, click the three dots on the right, and click "Clone."
3. Once your SSO settings have been cloned, you must either create a new application or update the existing application in your corresponding IDP portal using the updated Rhombus URL details. Then, add the new Metadata XML to the clone in the Rhombus Console. Follow the guides below to create a new application for your specific IDP:
Microsoft Entra ID Caveats
Microsoft Entra ID (formerly Azure AD) has unique properties that require additional steps to ensure proper functionality when creating a new application for SSO.
Note: These additional steps are only required if you are cloning your Rhombus Console settings and choosing to maintain two active SSO setups. If you opt to delete your existing SSO configuration and create a new one using the new domain, these caveats can be ignored.
Reply URL
1. In the Entra ID portal, select your SSO application within "Enterprise Applications," click the "Single Sign-On" tab, and click "Edit" in the "Basic SAML Configuration."
2. Click "Add Reply URL," and paste the full ACS URL from the Rhombus Console. Ensure the index for the full URL is set to 1, and the index for the URL without the final path segment is set to 2 as shown in the screenshot below.
Attributes & Claims
1. In the Entra ID portal, select your SSO application within "Enterprise Applications," click the "Single Sign-On" tab, and click "Edit" in the "Attributes & Claims."
2. In "Attributes & Claims," click "Edit" beside "Advanced SAML claims options." Click the checkbox beside "Append application ID to issuer" to enable this option.
Application ID
When entering the Federation Metadata XML into the Rhombus Console, the Application ID must be appended to the end of the Entity ID.
1. In the Entra ID portal, select your SSO application within "Enterprise Applications," click the "Overview" tab, and copy the "Application ID."
2. Download the Federation Metadata XML from the "Single Sign-On" tab.
3. Open the XML file using a text editor, and paste the copied application ID inside the quotes and after the highlighted section in the image below.
4. Once the application ID has been appended to the XML file, copy the full Metadata file and paste it into the "IDP Metadata XML" field in the Rhombus Console.
Google Workspace Caveats
Google Workspace has unique properties that require an additional step to ensure proper functionality when creating a new application for SSO.
Note: This additional step is only required if you are cloning your Rhombus Console settings and choosing to maintain two active SSO setups. If you opt to delete your existing SSO configuration and create a new one, these caveats can be ignored.
1. Open the newly downloaded IDP Metadata file using a text editor, and append "&unique=rhombus-com" to the end of the entity ID.
2. Once the Metadata file has been edited, copy the entirety of the file, paste it into the XML field in the Rhombus Console, and click "Save."
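The entity ID edits in the Entra ID "Application ID" steps and in the Google Workspace step above can be scripted and checked. The Python below is an added example, not Rhombus code: it edits the file as text, the way the text-editor steps do, and confirms that nothing else in the metadata (such as the signing certificate) changed. The sample metadata, IDs and function names are constructed for illustration.

```python
import re

# Matches entityID="..." inside the <EntityDescriptor ...> start tag,
# with or without a namespace prefix such as md:.
_ENTITY_ID = re.compile(
    r'<(?:[\w.-]+:)?EntityDescriptor\b[^>]*?\bentityID\s*=\s*(["\'])(.*?)\1')

def _locate(metadata: str) -> re.Match:
    found = list(_ENTITY_ID.finditer(metadata))
    if len(found) != 1:
        raise ValueError(f"expected 1 EntityDescriptor entityID, found {len(found)}")
    return found[0]

def entity_id(metadata: str) -> str:
    """Return the entityID exactly as it is written in the file."""
    return _locate(metadata).group(2)

def append_to_entity_id(metadata: str, suffix: str) -> str:
    """Insert suffix at the end of the entityID; every other byte is untouched."""
    m = _locate(metadata)
    if m.group(2).endswith(suffix):
        return metadata  # already edited, do not append twice
    return metadata[:m.end(2)] + suffix + metadata[m.end(2):]

def only_entity_id_changed(original: str, edited: str, suffix: str) -> bool:
    """True when edited equals the download with suffix appended and nothing else."""
    end = _locate(original).end(2)
    return edited == original[:end] + suffix + original[end:]

# Constructed samples: trimmed metadata with placeholder IDs and certificate.
APP_ID = "11111111-1111-1111-1111-111111111111"
ENTRA_SAMPLE = (
    '<EntityDescriptor ID="_constructed" '
    'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/" '
    'xmlns="urn:oasis:names:tc:SAML:2.0:metadata">'
    '<X509Certificate>CONSTRUCTED-CERT</X509Certificate></EntityDescriptor>')
GOOGLE_SAMPLE = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://accounts.google.com/o/saml2?idpid=C0constructed">'
    '<md:IDPSSODescriptor/></md:EntityDescriptor>')

if __name__ == "__main__":
    for sample, suffix in ((ENTRA_SAMPLE, APP_ID), (GOOGLE_SAMPLE, "&unique=rhombus-com")):
        edited = append_to_entity_id(sample, suffix)
        print(entity_id(edited), only_entity_id_changed(sample, edited, suffix))
```

Run `only_entity_id_changed` against the file as downloaded and the file you are about to paste; a `False` result means something other than the entity ID was altered during editing.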
Verify Functionality
Once your SSO setup is complete, it's important to verify that it functions properly. Functionality should be tested via your IDP portal and the Rhombus Console.
1. Log in to your IDP portal, open the SSO application with the updated "console.rhombus.com" domain, and click the "Test Sign In" option. Once logged in, your address bar should show the new Rhombus domain.
2. Next, navigate to console.rhombus.com/login, and click the "Login with SSO" option.
3. Enter the unique team name from your cloned Rhombus SSO settings and your email address.
Note: If you didn't edit your team name after cloning, it will have "(Copy)" at the end of it.
4. When you click "Continue," you will be redirected to your IDP login page.
5. Once logged in, you should be redirected to console.rhombus.com.
6. After verifying your SSO login is successful via both your IDP portal and the Rhombus Console, delete the original SSO settings tied to the "console.rhombussystems.com" domain in your Rhombus Console.
SCIM Requirements
When using SCIM in tandem with your SSO, you may be able to change the URL used by SCIM without needing a new API token. That said, if a new token is required to change the URL, you must revoke the existing token used with Rhombus and generate a new one.
Note: The new URL for SCIM is https://api.rhombus.com/scim/v2
1. Log in to the Rhombus Console, navigate to "Settings," and click "Single Sign-On."
2. Under the "SCIM" dropdown menu, click "Revoke."
3. Once revoked, click "Setup," and use the new token provided to change the URL in your SCIM IDP.
Note: This token is only provided once.
Helpful Links
- Setting Up SSO with the Okta Custom App
- Setting Up SSO with Microsoft Entra ID
- Setting Up SSO with Google Workspace
- Setting Up SSO with OneLogin
- Setting Up SSO with DUO
- Configure SCIM 2.0 with Entra ID
- Configure SCIM 2.0 with Okta
- SCIM Setup for SSO
Contact Support or Sales
Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.
Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.