Note: This is an advanced feature only available for customers on the Enterprise plan. Implementation requires advanced technical knowledge.
Rex and Pocket/Rex Mobile support letting users log in with their external authentication provider via OpenID Connect.
This means that after entering their email on the Rex login screen, users will see a button labelled “Login via {YOUR_APP}” which, when clicked, navigates to your external authentication provider and redirects back to Rex upon successful login.
This is a fantastic quality of life improvement and helps avoid users worrying about forgetting their Rex password.
There are some limitations to keep in mind:
- Currently, the only providers supported are:
  - Azure Active Directory/Office 365
- This functionality only enables a convenient login method, and does not support remote provisioning or disabling of users. Users will still need to be invited from Rex, accept an invite from Rex, and provide a password, before being able to log in via SSO. The feature exists to provide user convenience for easier logging in, rather than serving as a full-blown alternative to Rex’s user management system.
- With SSO active, all users will still be able to fall back to a password login if they choose.
How to set up Azure Active Directory to use Rex SSO
- Register app: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
  - Provide any name for the application (users will see this when logging in via Azure)
  - Leave the redirect URI empty for now
- Go to the registered application, then:
  - Go to “API permissions” and add the following permissions:
    - Microsoft Graph
      - User.Read - Sign in and read user profile
      - openid - Sign users in
  - Go to “Overview” and copy the “Application (Client) ID”
  - Go to “Certificates and Secrets” and create a new “Client secret” that doesn’t expire.
  - Go to “Branding > Home Page URL” and set it to https://auth.rexsoftware.com/
  - Go to “Authentication” and add the following Redirect URIs:
    - https://auth.rexsoftware.com/api/v1/oidc/callback
    - https://auth2.rexsoftware.com/api/v1/oidc/callback
- Obtain your tenant ID - https://o365hq.com/faq/how-to-find-your-office-365-tenant-id
- Provide us with the following details:
  - Your tenant ID
  - Your application (client) ID
  - Your client secret
  - The email domain(s) or specific email addresses you wish to have the SSO login method enabled for
  - A screenshot of the Overview, Authentication and API Permissions screens.
  - Label and logo you want for the "Login via {X}" button on the login screen
    - Logo should be white, transparent PNG, 1:1 ratio
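Before sending the details, the registration can be checked against the steps above. The following is an added example, not code from Rex or Microsoft: it audits an app registration exported as JSON in the Microsoft Graph application format (for example with `az ad app show --id <client-id>`), flagging redirect URIs or permissions beyond the ones this page asks for. The Graph permission GUIDs are well-known values that do not appear on this page, and the sample input is constructed.

```python
# Values taken from the setup steps on this page.
EXPECTED_REDIRECTS = {
    "https://auth.rexsoftware.com/api/v1/oidc/callback",
    "https://auth2.rexsoftware.com/api/v1/oidc/callback",
}
EXPECTED_HOME_PAGE = "https://auth.rexsoftware.com/"
# Well-known Microsoft Graph identifiers (assumed, not from this page).
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
EXPECTED_SCOPES = {
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
    "37f7f235-527c-4136-accd-4a02d197296e": "openid",
}

def audit_registration(app):
    """Return findings; an empty list means the registration matches the steps."""
    findings = []
    web = app.get("web") or {}
    redirects = set(web.get("redirectUris") or [])
    findings += [f"missing redirect URI: {u}" for u in sorted(EXPECTED_REDIRECTS - redirects)]
    findings += [f"unexpected redirect URI: {u}" for u in sorted(redirects - EXPECTED_REDIRECTS)]
    if web.get("homePageUrl") != EXPECTED_HOME_PAGE:
        findings.append(f"home page URL is {web.get('homePageUrl')!r}")
    # Flatten requested permissions to {(resource app id, permission id): type}.
    # Type "Scope" is a delegated permission; "Role" is an application permission.
    requested = {}
    for resource in app.get("requiredResourceAccess") or []:
        for access in resource.get("resourceAccess") or []:
            requested[(resource.get("resourceAppId"), access.get("id"))] = access.get("type")
    for scope_id, name in EXPECTED_SCOPES.items():
        if requested.pop((GRAPH_APP_ID, scope_id), None) != "Scope":
            findings.append(f"missing delegated permission: {name}")
    for (resource_id, perm_id), kind in sorted(requested.items(), key=str):
        findings.append(f"extra permission {perm_id} ({kind}) on {resource_id}")
    return findings

# Constructed sample input, not a real registration.
SAMPLE_APP = {
    "web": {"homePageUrl": EXPECTED_HOME_PAGE,
            "redirectUris": sorted(EXPECTED_REDIRECTS) + ["http://localhost:3000/callback"]},
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
            {"id": "00000000-0000-0000-0000-000000000001", "type": "Role"},  # placeholder id
        ],
    }],
}

if __name__ == "__main__":
    print("\n".join(audit_registration(SAMPLE_APP)))
```

For the constructed sample it reports the leftover localhost redirect URI, the missing openid permission, and the extra application permission.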
How to set up Google to use Rex SSO
- Navigate to Google Developers Console.
- Create a new project:
  - Click Select a project > New Project.
  - Enter project name (e.g., "Rex Software Auth") and click Create.
- Configure OAuth consent screen:
  - Select OAuth consent screen from sidebar.
  - Choose External or Internal user type and click Create.
  - Provide:
    - Application name: e.g., "Rex Software".
    - Support email: your email address.
    - Authorized domain: rexsoftware.com
    - Developer contact information: your email address.
  - Click Save and Continue, complete remaining prompts.
- Create OAuth credentials:
  - Select Credentials from sidebar.
  - Click Create Credentials > OAuth client ID.
  - Choose Web application for Application type.
  - Enter a descriptive name (e.g., "Rex Software Web Client").
- Set authorized URIs
  - Authorized redirect URIs:
- Provide us with the following details:
  - Your Client ID
  - Your Client Secret
  - The email domain(s) or specific email addresses you wish to have the SSO login method enabled for
  - A screenshot of the set up Google OAuth application.
  - Label and logo you want for the "Login via {X}" button on the login screen
    - Logo should be white, transparent PNG, 1:1 ratio