SSO configuration
A user with administrative privileges on an RI Platform instance can configure single sign-on (SSO) to integrate with an external identity provider. The RI Platform supports the OpenID Connect (OIDC) authentication mechanism.
Note: Administrative operations cannot be performed while logged in using SSO.
User accounts configured to use SSO cannot be assigned membership in a workspace before logging in with SSO once.
Configuring SSO
Sign in to a user account that has administrative privileges for an RI Platform instance.
The Workspaces page appears.
Click the Settings icon in the lower left.
The Organization Settings page appears.
Click SSO Configuration.
The SSO Configuration pane appears.
In Client ID, type the client ID for OIDC.
In Client Secret, type the client secret for OIDC.
In Issuer URL, type the URL of the OIDC issuer.
Click Save.
The RI Platform instance is now configured to use SSO authentication.
Identity Provider Setup
RIME supports all OIDC providers. The following sections provide specific instructions for individual OIDC providers.
Add https://rime.<domain>/v1/auth/oidc/callback as a callback URL for the OIDC provider.
When this URL is not valid, attempting to log in results in a 403 Forbidden HTTP status code.
When a signout URL is necessary, use https://rime.<domain>/sign-out.
Azure Active Directory
Register a new application with a Web platform configuration using the callback and signout URLs above.
The Issuer URL for RIME takes the form https://login.microsoftonline.com/{tenant}/v2.0.
For more information, see the Azure AD documentation.
Okta
Create a new App Integration using the OIDC - OpenID Connect sign-in method and Web Application type. Use the callback and signout URLs described above.
After creating the application, retrieve the Client ID and secret from the application overview page.
The Issuer URL for RIME takes the form https://<organization>.okta.com.
For more information, see the Okta documentation.