Setting Up RUCKUS One Login Access for SSO Admin Group Users

RUCKUS One has an enhanced administrative feature that allows SSO users to log into RUCKUS One. In this method, users authenticated using Azure Active Directory (AD) are automatically provisioned according to the group in which they are members. This bypasses the need to directly add an individual administrator in RUCKUS One. You need to create an Admin Group by specifying the Object ID of the group defined in the AD, and assigning an RBAC role for the group. The individual users that belong to the specified group in the AD inherit the role assigned to the Admin Group and can use the AD credentials to seamlessly log into RUCKUS One.

Following are the high-level steps to configure and enable AD-defined SSO users to log into RUCKUS One:
  1. Set up SSO and define the allowed domains for user authentication. Refer to step 1 through step 5 in Setting Up SSO with a 3rd Party Provider.
  2. Create an Admin Group. Refer to Creating an Admin Group.
  3. Log in using the SSO option. Refer to Logging In Using the SSO Option.
  4. View Admin Group details. Refer to Viewing Admin Group Details.

Creating an Admin Group

When SSO is enabled, the Admin Groups tab is added to the Administrators page. You can create an Admin Group by specifying the Object ID defined in Azure AD and assigning an RBAC role for the group. The individual users that belong to the specified group inherit the role assigned to the Admin Group.

Complete the following steps to create an Admin Group.
Note: The maximum number of Admin Groups that can be created is 10.
  1. From the navigation bar, click Administration > Account Management > Administrators.
  2. Select the Admin Groups tab and click Add Group.
    The Add Admins Group window is displayed.
    Adding Admins Group
  3. Complete the following fields:
    • Group Name: Enter a name for the Admin Group.
    • Group ID: Enter the Object ID of the group defined in the Azure AD. To know how to get the Object ID from Azure AD, refer to Configuring SAML SSO with Azure AD.
    • Role: Select a role for the Admin Group from the drop-down list.
  4. Click Add to add the Admin Group.
    The newly added Admin Group is displayed in the Admin Groups tab.
    Admin Groups

Logging In Using the SSO Option

After setting up the SSO and creating the Admin Groups, the user who is a member of the Admin Group can log into RUCKUS One using SSO with their Email address. The user will be redirected to the Active Directory where the user can use the AD credentials to seamlessly log into RUCKUS One after successful SSO authentication.

Note: Only the users who belong to a domain which is included in the Allowed Domain list can access RUCKUS One. Users in the same Admin Group with a different domain that is not added to the Allowed Domains list will not be authenticated. For more information, refer to Setting Up SSO with a 3rd Party Provider.

Viewing Admin Group Details

You can view the details of the Admin Groups, group members' Email ID, and their last log-in timestamp on RUCKUS One.
Complete the following steps to view the Admin Group details.
  1. From the navigation bar, click Administration > Account Management > Administrators.
  2. Select the Admin Groups tab.
    Admin Groups
    The Admin Groups tab displays the following details:
    • Group Name: Displays the name of the Admin Group. Click on the group name to view the Email ID and the last login details of the member users of the Admin Group who have logged into RUCKUS One.
      Viewing Group Member Details
    • Group ID: Displays the group ID of the group.
    • Role: Displays the role assigned to the group.
    • Processing Priority: Defines the processing priority for the Admin Groups. You can rearrange the order of the processing priority by dragging and dropping the rows up or down. Because a user inherits the role assigned to the Admin Group, the processing priority defines the role for the user who is part of multiple Admin Groups. When a user, who is part of two Admin Groups with different RBAC roles, logs into RUCKUS One, the user gets the role assigned to the Admin Group which has the higher processing priority.