Rubex allows you to set up Single Sign On using your Azure AD
To see Microsoft's KB article on configuring a custom SSO app in Azure AD, please see:
- In Azure go to the Azure Active Directory section.
- Select Enterprise Applications.
- Click on New Application
- Select the Non-Gallery application option.
- Type in a name for the application describing the connection, such as "Rubex."
- As a note, this is also the label that will be associated with the link that users will be able to click on to launch Rubex from within the Microsoft apps portal.
- Click the Add button
- Click on Single sign-on and select the SAML option
- In section 2: User 'Attributes & Claims' you’ll need to edit this section and remove attributes added by default, except for the Unique User Identifier user.userpricipalname.
- In Section 3: SAML Signing Certificate. In this section you need to click the Download link for the Certificate (Base64) option.
- In Section 4: 'Set up Rubex' copy the Azure AD Identifier URL provided.
- In Rubex go to the Admin menu, select Settings and then Single Sign-On Settings.
- click to Create SAML Configuration.
- Give it a name to help identify the connection being used.
- Issuer: in this field paste the Azure AD Identifier url. It should look something like https://sts.windows.net/########-####-####-###-############
- Entity ID: Entity ID: Enter https://account.efilecabinet.net/, optionally you can enter the custom branded link configured in your Rubex admin panel settings
- In the Signature Section select Choose File and select the certificate that you downloaded from Azure AD.
- Click the Create button.
- You’ll need to go back into the SSO/SAML configuration and at the bottom of the window will be a section titled Endpoints. In that section is a Login URL which will be something like https://account.efilecabinet.net/api/saml/##. Copy the URL in the Rubex SAML settings.
Now that the settings in Rubex have been finished, it’s time to finalize the Azure AD configuration. So, to do this go back to your AzureAD > Enterprise Applications > Rubex > Single sign-on options.
All that you have left is in Section 1 Basic SAML Configuration to make a few edits.
Identifier (Entity ID): use the same url that you choose to use for the Entity ID in the Rubex configuration side. If this doesn’t match the value you used in Rubex the connection will fail.
Reply URL: this is where you put the URL that is generated at the bottom of the Rubex SSO configuration window, it’s be something along the lines of https://account.efilecabinet.net/api/saml/##
Here is a quick breakdown of where data between the Rubex SAML configuration and AzureAD SAML Based sign-on relate to each other.
Now that Rubex and AzureAD have been configured to communicate back and forth between each other you’ll need to grant permissions to users in AzureAD that should have access to Rubex. There is a Users and Groups option in the AzureAD Enterprise Application where you can assign individual users or groups that exist in your AzureAD to be granted access to Rubex.
Any users that have permission to Rubex through this SSO configuration will have Rubex show up in their Microsoft Apps section of Office365.