I recently set up SSO on our Rubrik backup device and had a hard time finding a thorough walkthrough, so I put this together in hopes that it will help someone else out. My suggestion would be to read it over once paying attention to the notes I threw in there before starting. Ready? Ok, let’s do it!
We’ll start with configuring an Identity Provider (IDP) in Rubrik, then we’ll jump back and forth between Azure Active Directory (AAD) and Rubrik to get everything set up, so I’d suggest keeping them open in separate windows or tabs.
Let’s start in Rubrik (this article was written using version 5.3.2-p3-19174):
Log in with an admin account, go to settings / users, then click on the Identity Providers tab
In Azure AD (https://aad.portal.azure.com):
Go to AAD admin center, click on
Name your app & select “Integrate any other application you don’t find in the gallery (Non-gallery)”, then click
Click on
Click on
Here’s where you specify the file you downloaded from Rubrik (click the
Next, click on
Then click on
Now let’s go back to
Now back to Rubrik:
You left that webpage open, right? Let’s click on
Rubrik support verified with me that searching the IDP from the Rubrik roles doesn’t work, so we’ll need to check our Azure AD user or group for the exact, case-sensitive name to be used in Rubrik before adding them.
I went to https://admin.microsoft.com and looked up the Username under Active users.
Next, on Rubrik, go to the
In my case, I’m setting myself up as an administrator, so I gave the administrator role & clicked
Now that the setup is done, in Rubrik, go to the Identity Providers tab again, then click the
The first time I tested, I got this error:
After working with the awesome support at Rubrik, they gave me 2 suggestions. First, I followed the instructions in this article which may be needed to alleviate this issue:
https://support.rubrik.com/s/article/000004506
For troubleshooting, you can also do a test from the application in Azure. At the top of the Single sign-on, is a link
You can test from AAD with the account you signed into Azure with, or you can sign in as someone else.
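Because the name entered in Rubrik has to match exactly, including case, it helps to see what the IDP actually sends during a test sign-in. The following is an added example, not part of the original walkthrough or Rubrik's tooling: it decodes a base64 `SAMLResponse` value (assumed to be copied from the browser's network trace of the test login) and reports whether a configured name matches exactly, differs only in case or surrounding whitespace, or is absent. The sample response, attribute name and function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>Jane.Doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>Backup-Admins</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def names_in_response(b64_response):
    """Map every NameID and attribute value the IDP sent to where it came from.

    Diagnostic only: the signature is not verified, so use this on responses
    from your own test sign-in, never to make an access decision.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    found = {}
    for el in root.iterfind(".//saml:Subject/saml:NameID", NS):
        found[(el.text or "").strip()] = "NameID"
    for attr in root.iterfind(".//saml:Attribute", NS):
        for val in attr.iterfind("saml:AttributeValue", NS):
            found[(val.text or "").strip()] = attr.get("Name", "")
    return found


def check_name(configured, b64_response):
    """Return ('exact'|'near'|'absent', value_the_idp_sent_or_None)."""
    sent = names_in_response(b64_response)
    if configured in sent:
        return ("exact", configured)
    wanted = configured.strip().casefold()
    for value in sent:
        # Same name apart from letter case or stray spaces: fix it in Rubrik.
        if value.casefold() == wanted:
            return ("near", value)
    return ("absent", None)
```

A `near` result returns the value exactly as the IDP sent it, which is the spelling to use when adding the user or group in Rubrik.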
In conclusion, there were a few little “gotchas” as I went through this process, but I hope I was able to put the steps and notes together to help you avoid them. If the time I spent working with support & figuring this out and documenting it saves someone else a little frustration, then it was all worth it. I must admit, being able to log in via SSO is pretty cool too.