Microsoft Azure SSO Instructions | Rhumbix Help Center

Client Setup

1. Navigate to https://portal.azure.com

2. Select Azure Active Directory from the list of services.

3. Click App Registrations from the left navigation.

4. Click New Registration.

5. On the Register an Application Screen, fill out the following:

Enter a Name. We suggest something recognizable like "Rhumbix Web SSO."
Select the first account type for "Accounts in this organizational directory only."

For Redirect URL, set the following:
Select a platform: Web.
URL: https://platform.rhumbix.com/rhumbix/oidc-callback/
Click Register.
You will be redirected to your new app registration.

6. Take note of your Application (client) ID and your Directory (tenant) ID.

7. Select Branding & Properties in the left navigation.

App Name: Rhumbix on behalf of YOUR ORGANIZATION
Upload new logo:
Home page URL: https://www.rhumbix.com/
Terms of service URL: https://www.rhumbix.com/terms
Privacy Statement URL: https://www.rhumbix.com/privacy
Click Save.

8. Select Authentication from the left navigation.

Click Add URL under Redirect URLs
In the text box, enter: https://prod.rhumbix.com/rhumbix/oidc-callback/
Click Add URL under Redirect URLs
In the text box, enter: https://platform.rhumbix.com/rhumbix/oidc-mobile-callback/
Click Add URL under Redirect URLs
In the text box, enter: https://prod.rhumbix.com/rhumbix/oidc-mobile-callback/
Click Save.

9. Select Certificates & Secrets from the left navigation.

Click New Client Secret
Give the Secret a name and expiration date. Click Add.
NOTE: BEFORE THE SECRET EXPIRES, AN ADMIN WILL NEED TO LOG IN TO RHUMBIX TO UPDATE THE CONFIGURATION WITH A NEW SECRET.
Immediately copy the Secret Value and store it in a secure location.

10. Select API Permissions from the left navigation.

Click Add a permission.
Select Microsoft Graph from the right panel.
Select Delegated permissions.

11. Select all options under the OpenID permissions

Email
Offline_access
OpenID
Profile
Click Add permissions.
Click Grant Admin consent for YOUR ORG.

Click Yes in the Action Bar.

Rhumbix SSO Setup

1. Log into https://platform.rhumbix.com using an administrator account.

2. Navigate to SSO Configuration under Company Settings.

3. Enter the following information:

Customize Connection Name: Microsoft
OIDC URL/Authority: https://login.microsoftonline.com/[your Directory (tenant) ID from step 6]/oauth2/v2.0/authorize
Scope: openid email profile offline_access
Client ID/Client Key: The “Application (client) ID” value from Client Setup step 6
Client Secret: The Client Secret value from Client Setup step 8
Authentication Endpoint/Keys: https://login.microsoftonline.com/[your Directory (tenant) ID from step 6]/discovery/v2.0/keys
User Info Endpoint: https://login.microsoftonline.com/[your Directory (tenant) ID from step 6]/v2.0/.well-known/openid-configuration
Token Endpoint: https://login.microsoftonline.com/[your Directory (tenant) ID from step 6]/oauth2/v2.0/token
Audience/Issuer Reference: https://login.microsoftonline.com/[your Directory (tenant) ID from step 6]/v2.0

4. Enter any additional Assigned Exceptions for users who you wish to be able to log in using a password rather than being forced to use SSO. You cannot remove yourself from the list.

5. Click Test. In the window that opens, login using your Microsoft credentials and authorize Rhumbix to access your information.

6. Upon successful authentication and authorization, you can now Submit the form.

Users can find more information on setting up their Rhumbix account on our Support Center.