Rouxbe Single Sign-On (SSO) uses the widely supported Security Assertion Markup Language (SAML 2.0) to integrate your Rouxbe user authentication with identity and access management platforms such as Okta and Microsoft Azure Active Directory.
This documentation provides an overview of Rouxbe's SSO offering and configuration steps to set up SSO for any IdP that supports SAML 2.0. We also provide the following IdP-specific configuration guides.
- Identity Provider (IdP)
- Services such as Okta, Azure Active Directory, and Duo.
- Service Provider (SP)
- Rouxbe is the SP in the SAML relationship.
SSO and SAML terminology is defined throughout this document. One IdP often uses different terminology from another to label the same required fields. This document attempts to clarify and call attention to the alternative terminology used by IdPs whenever possible.
Because terminology can vary among IdPs, you may find the following high-level overview helpful. There is also a table at the end of this document that maps different IdP terminology to the correct Rouxbe fields.
Your IdP will usually require one value from Rouxbe: the Single Sign-On URL. This URL tells your IdP where to send its SAML assertion. This URL is also the value set for the Audience URL (SP Entity ID).
Rouxbe will need three values from your IdP: a SAML Issuer ID, a login URL, and an X509 certificate.
The SAML Issuer ID is a string — usually a URL — that identifies the SP (Rouxbe) to the IdP when making SSO requests. The login URL is your IdP's SAML endpoint — it receives the SSO requests. The X509 certificate is used to identify and verify requests from your IdP.
The Rouxbe Single Sign-On settings page allows you to configure integrations with your IdP(s).
Adding an SSO configuration requires some back-and-forth between the Service Provider (Rouxbe) and your IdP. Rouxbe will provide the values required by your IdP. Likewise, your IdP will provide the values required by Rouxbe. This document will cover the exchange in sections, beginning from the Rouxbe.
To add, delete, or modify an SSO integration, log in to the top level of your Rouxbe account using your login credentials and go to Admin via the menu in the upper right corner.
- Once logged in, navigate to the Admin and click on the Single Sign-On Settings link. Rouxbe will display a page with an Add Configuration button.
Click Add Configuration. A page will load and display the following configuration values needed by your IdP.
- You will add the Single Sign-On URL to your IdP.
- Depending on your IdP, some of the other fields may be required.
|Rouxbe SSO Metadata Field
|A friendly name for your SAML SSO configuration.
|Single Sign-On URL
|The Rouxbe URL where your IdP should POST its SAML assertion. The Single Sign-On URL and the Audience URL are the same when using Rouxbe.
|Audience URL (SP Entity ID)
|A string identifier that defines the intended audience for the SAML assertion. The Audience URL and the Single Sign-On URL are the same when using Rouxbe.
|The Rouxbe URL contains SAML information for your account. The information is technical and can be consumed by the IdP if supported.
Once you have added the previous settings where appropriate in your IdP, your IdP will provide the values necessary to complete the setup in Rouxbe.
- From the page displaying your Rouxbe SSO configuration, click Next. A page will load and display the following SAML fields.
|The IdP’s SAML POST endpoint. This endpoint should receive requests and initiate an SSO login flow. Your IdP may call this the "Identity Provider Single Sign-On URL," "Login URL," or some other authentication URL.
|This x509 certificate is used by Rouxbe to verify that SAML requests are coming from an IdP it knows and trusts.
2. Copy the values from your IdP to the appropriate fields in the Rouxbe IdP Settings.
Your SSO configuration should now be complete. You can follow the next steps in this document to test your configuration.