
Setup of the Azure Active Directory

Log in to your Azure Active Directory admin center.

Go to App registrations and create a new registration.

Give it a fitting name and select the correct account types.

In the redirect URI you will need to insert the following (replace DAMURL with the host name of your DAM):
https://DAMURL/DigizuiteCore/LoginService

Example:

When the application has been set up, go to “Expose an API” and set the Application ID URI.

It needs to be the same URI as the redirect URI (this only works if the domain is trusted by the Azure tenant) or the default App ID URI.

OR

Go to Token configuration and add the following optional claims:

Note: For groups we suggest selecting “Group ID”.

After adding the UPN claim, edit it and make sure to set (if you want invited guest users to be able to access the DAM)

Make sure to select ONLY ‘Groups assigned to the application’ (how to assign groups to the application: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users ).

Warning: This is to prevent an ‘HTTP 400 - Bad Request (Request header too long)’ or similar error, which occurs when a large number of security groups is passed in the request.

Now copy the Metadata federation URL; it is needed in the next part:

Setup of the Media manager (Digizuite configuration only)

Log in to the Media manager as a Super administrator.

Go to “Settings” - “General settings” - “SSO”

Select SAML2

Insert a template member user ID. You can use the guest user (30006) if you want low access, or create a template user that matches your needs.

Select the Sync level

Enter a name

In the Entity ID, insert the same URL as you used for your redirect URI (https://DAMURL/DigizuiteCore/LoginService) OR api://{GUID}, e.g. api://d530289c-c796-4521-b0e0-17c9ab986791

Signing behavior:

IfIdpWantAuthnRequestsSigned

Under Identity providers enter:

Entity ID: open the Metadata federation URL from the Azure Active Directory. It contains your Entity ID (the entityID attribute of the EntityDescriptor element).

Metadata location: The federation metadata URL

Now press Save and then Activate.

Once it says “Latest is active”, the SSO configuration is enabled.

Example of a configuration:

Setup of Sync groups in the DAM

If you have selected FullSync or AddOnly as your Group sync level, you will need to set up your group bindings in the DAM.

You will need to log in with a super administrator and go to:

System tools - Users and groups - Groups

Find the group you want to bind and do the following:

Get the group's Object Id from Azure:

Enter that ID into the Binding group name and select “Is binding group”.

Repeat this process for all the groups that should be synced.

Setup of connectors or media manager:

Set a connector or Media manager to use SSO login

Troubleshooting and known issues:

How to troubleshoot SSO and known issues
