Enabling SSO with a Third-Party Provider

With the Single Sign-On (SSO) feature enabled, you can configure your own authentication server for administrative logon and log in to RUCKUS One using that third-party authentication server.

Setting Up SSO with a 3rd Party Provider

Complete the following steps to configure SSO with a third-party provider.
Note: Only administrators with Prime Admin role can set up SSO.
  1. From the navigation bar, click Administration > Account Management > Settings.
    Figure: Enabling SSO With Third-Party Provider
  2. In the Enable SSO with 3rd Party provider section, click Set Up.
    Note: Currently, only Azure Active Directory is officially supported. The following protocol is supported:
    • SAML
    The Set Up SSO with 3rd Party Provider sidebar is displayed.
    Figure: Setting Up SSO
  3. Complete the following fields:
    • Allowed Domains: Enter the domains that are allowed for user authentication. Only users who belong to a domain included in the Allowed Domains list can access RUCKUS One. You can add multiple domains separated by commas. The allowed domains must be unique.
    • IdP Metadata: Enter the Identity Provider (IdP) Metadata that is provided by the third party. For more information on how to get the IdP Metadata, refer to Configuring SAML SSO with Azure AD. You have two options:
      • Upload the .xml file containing the IdP Metadata.
      • Click Paste IdP Metadata code or link instead and enter the IdP Metadata (XML code) or the URL in the field.
  4. Require SAML requests to be signed: Click the toggle switch to Yes to enable tenant administrators to sign SAML requests to an external IdP.
  5. (Optional) Configure a Server Certificate: You can enable SAML response encryption in your IdP setup for additional security.

    As a prerequisite, before enabling the SAML response encryption, you must upload a public server certificate and private key combination from the Network Control > Policies & Profiles > Certificate Template page. Alternatively, you can use the public API (https://docs.ruckus.cloud/api/) to generate a public server certificate instead of uploading your own.

    Use the search filter to find and select a server certificate that has already been uploaded or generated in your tenant. In the text box, enter a partial (at least three characters) or full certificate name to select the certificate profile to be used for decryption, based on the configuration in your IdP setup.

  6. Click Apply to set up the SSO. The allowed domains are displayed along with the options to Edit or Delete the IdP Metadata, View XML Code, Manage SSO Users, and Download IdP Metadata.
    Figure: Managing SSO Users
  7. (Optional) Click Edit to edit the IdP Metadata.
  8. (Optional) Click Delete to delete the IdP Metadata.
    Note: You cannot delete the SSO configuration if an admin account is associated with it.
  9. (Optional) Under the IdP Metadata section, the following fields appear:
    • View XML Code: Click View XML Code to view the IdP Metadata.
    • Require SAML requests to be signed: Displays the status as YES or NO.
    • SSO SAML Decryption Certificate: Displays the name of the SSO SAML decryption certificate. If you remove the uploaded custom certificate from the Configuring a Server Certificate field, then the SSO SAML Decryption Certificate field disappears from the IdP Metadata section.
    • Manage SSO Users: Click Manage SSO Users to go to the Users & Privileges page to add administrators.
      1. On the Users & Privileges page, click Add User. The Add New User sidebar is displayed.
      2. For Authentication Type, select SSO with 3rd Party.
      3. For Email, enter the email address of the administrator.
      4. (Optional) For First Name, enter the first name of the administrator.
      5. (Optional) For Family Name, enter the family name of the administrator.
      6. For Privilege Group, select the privilege group of the administrator. Available options are:
        • Prime Admin
        • Administrator
        • Guest User
        • Read-Only
        • DPSK Manager
      7. Click Add User.

        The newly added administrator with 3rd-party SSO authentication is displayed in the Users page.

        Figure: Users Sub-tab
    • Download SAML Metadata: Click Download SAML Metadata to download the IdP Metadata. After enabling and configuring SSO, a tenant administrator can download the SAML metadata XML file.