Set up Azure AD SAML-based SSO

Superusers can configure single sign-on to the Rumble Console using an external identity provider (IdP), which enables authentication and user access control to the Rumble Console from your single sign-on (SSO) solution. By default, Rumble has SSO functionality available, but it’s not a requirement to log in to the console. You can make it a requirement or disable it completely.

Here are the high-level steps to set up SSO using Azure AD to authenticate and manage user access to Rumble:

  1. Add and configure Rumble as an Azure AD app.
  2. Download the SSO configuration metadata in XML format.
  3. Set up SSO in Rumble.
  4. Add users to your Rumble app in Azure AD.

Requirements

Before you can set up SSO for Azure AD:

  • Verify that you have administrator privileges for Azure AD.
  • Verify that you are a superuser in Rumble. Look for the yellow star in your account status.

Step 1: Add and configure Rumble as an Azure app

First, add Rumble as a non-gallery application to your Azure AD setup and configure its settings as an Azure AD application.

  1. In Azure, go to Enterprise Applications > New Application > Create your own application.
  2. Under the What are you looking to do with your application? section, choose the Non-gallery application option.
  3. Name your application something like Rumble, and then add it.
  4. Go to Azure Active Directory > Enterprise applications and open the newly created Rumble application.
  5. Select the Single sign-on tab, and then choose SAML as the sign-on method.
  6. For the fields on the Configure App Settings page, go to https://console.rumble.run/team/sso/sp and copy the necessary service provider details:
    • Entity ID
    • Single sign-on URL
    • SSO callback (ACS) URL
  7. Enter the values into the relevant fields in the Azure AD portal.

Step 2: Download the SSO configuration metadata

While editing your application settings, you can download the SSO configuration metadata as an XML file. You’ll need this information to set up SSO in Rumble.

  1. On the Configure App Settings page, find the SAML Signing Certificate section.
  2. Locate the XML download link under the Federation Metadata URL.
  3. Download the file. You’ll need the contents of this file for the next step.

Step 3: Set up Azure AD SSO in Rumble

Now that you have the SSO configuration metadata in XML, you can configure Azure AD SSO settings in Rumble.

  1. Go to https://console.rumble.run/team/sso/idp to access the SSO IdP provider settings page in Rumble.
  2. Choose one of the following modes to enable SSO:
    • Allowed - Enables SSO, but users still have the option to log in without SSO.
    • Required - Requires users to log in with SSO. Only superusers can log in without SSO.
  3. Enter the domain name that is associated with SSO authentication. This is likely your company domain (companyabc.com).
  4. Choose a default role for SSO users. This is the role all new users will be assigned when their account is created.
  5. Copy the XML you downloaded from Azure and paste it into the Metadata XML field on the Rumble SSO IdP page.
  6. Apply your SSO settings. The remaining IdP fields will auto-configure for you.
    • The issuer URL will look something like https://sts.windows.net/00000000-0000-0000-0000-000000000000/ where the UUID at the end is your unique Microsoft Active Directory (tenant) ID, listed under App registrations > Overview > Endpoints.
    • The login URL will be something like https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2 with the zero UUID replaced with your unique tenant ID.
    • The certificate will be Microsoft’s PEM encoded certificate, which will be extracted automatically from the XML.
    • On the Microsoft side, the redirection URL for Rumble should be https://console.rumble.run/auth//saml20/process, where is replaced with the domain specified in the Rumble SSO settings.
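
The values that Rumble auto-configures in step 6 can be checked locally before the XML is pasted in. The following is an added example, not part of the original page or Rumble's own code: it reads the issuer, login URL and certificate from the metadata, confirms that both URLs carry the same tenant ID, and returns a SHA-256 fingerprint of the certificate for comparison with the signing certificate downloaded from Azure. The function name, the strict URL patterns (based on the forms quoted above) and the sample metadata are assumptions made for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# URL shapes taken from this page; treated here as an assumption about Azure AD.
ISSUER_RE = re.compile(r"https://sts\.windows\.net/(%s)/" % UUID)
LOGIN_RE = re.compile(r"https://login\.microsoftonline\.com/(%s)/saml2" % UUID)

def inspect_metadata(xml_bytes):
    """Return issuer, login URL, tenant ID and certificate SHA-256 from IdP metadata."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    issuer = root.get("entityID", "")
    sso = idp.find("md:SingleSignOnService", NS)
    login_url = sso.get("Location", "") if sso is not None else ""
    iss, login = ISSUER_RE.fullmatch(issuer), LOGIN_RE.fullmatch(login_url)
    if not iss or not login:
        raise ValueError("unexpected issuer or login URL: %r, %r" % (issuer, login_url))
    if iss.group(1).lower() != login.group(1).lower():
        raise ValueError("issuer and login URL name different tenants")
    cert = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no X509Certificate in the IdP descriptor")
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    return {"issuer": issuer, "login_url": login_url,
            "tenant_id": iss.group(1).lower(),
            "cert_sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: zero tenant UUID as on this page, placeholder bytes, not a real cert.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
    ' entityID="https://sts.windows.net/%s/"><IDPSSODescriptor>'
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<X509Data><X509Certificate>%s</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '<SingleSignOnService Location="https://login.microsoftonline.com/%s/saml2"/>'
    '</IDPSSODescriptor></EntityDescriptor>' % (TENANT, FAKE_CERT, TENANT)
).encode()

if __name__ == "__main__":
    for key, value in inspect_metadata(SAMPLE_METADATA).items():
        print("%-12s %s" % (key, value))
```

To check a real download, pass the file's bytes (opened in binary mode) to `inspect_metadata` in place of the constructed sample.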

Step 4: Add users to the Rumble app in Azure

Now that you’ve completed the setup, you can go to the Rumble app in the Azure portal to add users and assign their access. Any users you add to the Rumble app will be viewable from the Team members page in Rumble once they have logged in to Rumble.