
Azure Active Directory SAML Configuration (2020)

  1. In Azure, search for "Enterprise applications".
  2. On "Enterprise applications", click "New application", then click "Non-gallery application".
  3. Enter any name in the name field (I named it "TestSaml") and press "Add".
  4. On your app page, select "Single sign-on" and then select "SAML".

  1. You should see SAML settings and configurations. You will need "Certificate" (base64), "Login URL (Azure)" and "Azure AD Identifier"

  1. Go to Rubex -> Hamburger menu -> Admin -> Settings -> Single Sign-On Settings -> Create Saml Configuration.
    Name: Whatever you like
    Issuer: Copy contents of "Azure AD Identifier"
    Entity ID: Whatever valid URL you like
    Saml Endpoint: "Login URL (Azure)"
    Certificate: Load "Certificate" file

  1. Click Create/Update. You will need "Login URL (Rubex)"
    THIS URL SHOULD BE HTTPS!!! Otherwise, it will not work with Azure

  1. Go back to Azure app settings.
    Identifier (Entity ID): Put the same Entity ID as in Rubex
    Reply URL: Copy "Login URL (Rubex)"
    Save everything. You can also press the Test button to test auth from Identity Provider

  1. To add users to Active Directory, search for "Users" in the top search bar.
  2. To add groups to Active Directory, search for "Groups" in the top search bar. Set the type to "Security" and add some users during creation.
  3. To add users to the SAML application, go back to the Enterprise application, select "Users and groups" and add existing AD users.

  1. To import groups select "Single Sign-on" -> "User attributes & claims"

  1. Then click "Add a group claim", check "Customize the name..." and set Name to "groups" or something else. The namespace should be empty. Check the different values of "Source attribute" to find the one you need, because ID returns the group's ID. Save everything.

  1. Enter the same name ("groups") in the Rubex SAML settings.
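
To check the finished setup, the assertion from a test login can be compared with the values entered in the steps above. The following is an added example, not code from Rubex or Azure: `check_assertion`, the sample assertion, the tenant GUID and the `rubex.example.com` URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion trimmed to the elements checked below.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://rubex.example.com/saml</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, issuer, entity_id, reply_url, group_claim="groups"):
    """Compare an assertion with the configured values; return (problems, groups)."""
    problems = []
    # The Rubex login URL used as the Azure Reply URL has to be HTTPS.
    if urlparse(reply_url).scheme != "https":
        problems.append("Reply URL is not HTTPS")
    root = ET.fromstring(xml_text)
    # Issuer in the assertion must equal the "Azure AD Identifier" copied into Rubex.
    got_issuer = root.findtext("saml:Issuer", "", NS).strip()
    if got_issuer != issuer:
        problems.append(f"Issuer mismatch: {got_issuer!r}")
    # The Entity ID entered on both sides shows up as the assertion's Audience.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Entity ID not in Audience: {audiences}")
    # The group claim is matched by its exact Name, so a non-empty namespace breaks it.
    attrs = {
        a.get("Name"): [v.text.strip() for v in a.iterfind("saml:AttributeValue", NS) if v.text]
        for a in root.iterfind(".//saml:Attribute", NS)
    }
    if group_claim not in attrs:
        problems.append(f"No attribute named {group_claim!r}; assertion has {sorted(attrs)}")
    return problems, attrs.get(group_claim, [])
```

The function does not verify the assertion's signature, so it is for inspecting your own test login, not for accepting one. The returned group values also show what the chosen source attribute actually sends.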
