Top

SSO / Login via Azure

Note: This is an advanced feature only available for customers on the Enterprise plan. Implementation requires advanced technical knowledge.

Rex supports the ability to let users login with their external authentication provider via Open ID Connect. This means, after entering their email on the Rex login screen, users will see a button labelled “Login via {YOUR_APP}” which - when clicked - will navigate to your external authentication provider and redirect back to Rex upon successful login.

This is a fantastic quality of life improvement and can help avoid users regularly worrying about forgetting their Rex password. There are two primary limitations to keep in mind, however:

  1. Currently, the only provider supported is Azure Active Directory/Office 365. Support for other providers - such as Google - will be available as a future improvement.
  2. This functionality only enables a convenient login method, and does not support remote provisioning or disabling of users.
    Users will still need to be invited from Rex, accept an invite from Rex, and
    provide a password, before being able to log in via SSO. The feature exists to
    provide user convenience for easier logging in, rather than serving as a full
    blown alternative to Rex’s user management system.
  3. With SSO active, all users will still be able to fallback to a password login if they choose.

Azure Active Directory Setup

To proceed with Open ID Connect setup we’ll need you to follow the following steps and then provide us with the 4 pieces of information requested below.

If you have any issues obtaining any of this, please let us know.

  1. Register app: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
    1. Provide any name for the application (users will see this when logging in via azure)
    2. Leave redirect uri empty for now
  2. Go to the registered application, then:
    1. Go to “API permissions” and add the following permissions:
      1. Microsoft Graph
      2. User.Read - Sign in and read user profile
      3. openid - Sign users in
    2. Go to “Overview” and copy the “Application (Client) ID”
    3. Go to “Certificates and Secrets” and create a new “Client secret” that doesn’t expire.
    4. Go to “Branding > Home Page URL” and set it to https://auth.rexsoftware.com/
    5. Go to “Authentication” and add the following Redirect URIs:
      1. https://auth.rexsoftware.com/api/v1/oidc/callback
      2. https://auth2.rexsoftware.com/api/v1/oidc/callback
  3. Obtain your tenant id - https://o365hq.com/faq/how-to-find-your-office-365-tenant-id
  4. Provide us with the following details:
    1. Your tenant ID
    2. Your application (client) id
    3. Your client secret
    4. The email domain(s) or specific email addresses you wish to have the SSO login method enabled for
    5. A screenshot of the Overview, Authentication and API Permissions screens.
Back to top
Powered by Zendesk