sso_azure

Differences

This shows you the differences between two versions of the page.

sso_azure [2019/10/09 09:04] lucy | sso_azure [2019/11/14 09:34] lucy
Line 17: Line 17:
 {{ ::sso_azure_user2.png?600 |}} {{ ::sso_azure_user2.png?600 |}}
  
-  * Add a new non-gallery web app to your Azure AD, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app|here]]+===== Enable Single sign-on in Lucy =====
  
-{{ ::sso_azure_new_app.png?600 |}}+  * Configure SAML-based single sign-on to your non-gallery application
  
 +Find more about Azure AD Single Sign-on configuration [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications|here]]
  
-===== Enable Single sign-on in Lucy =====+{{ ::sso_azure_enable_saml.png?600 |}} 
 + 
 +  * Add a new non-gallery web app to your Azure AD, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app|here]] 
 + 
 +{{ ::sso_azure_new_app.png?600 |}}
  
   * Open Lucy Admin console   * Open Lucy Admin console
 +
   * Navigate to the **SSO Configuration** page (Settings > SSO Settings)   * Navigate to the **SSO Configuration** page (Settings > SSO Settings)
-  * Active the option "**Enable Active Directory FS**" 
-  * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml") 
  
-{{ ::sso_azure_lucy_metadata_file.png?600 |}}+  * Tick the option "**Enable Active Directory FS**"
  
-{{ ::sso_azure_lucy_metadata_file2.png?600 |}}+  * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy
  
-  * Configure SAML-based single sign-on to your non-gallery application, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications|here]]+{{ ::sso_azure_lucy_configs.png?600 |}}
  
-{{ ::sso_azure_enable_saml.png?600 |}}+{{ ::sso_azure_lucy_configs2.png?400 |}} 
 + 
 +  * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml"
 + 
 +{{ ::sso_azure_lucy_metadata_file.png?450 |}} 
 + 
 +{{ ::sso_azure_lucy_metadata_file2.png?600 |}}
  
 + 
   * Upload the pre-configured SAML metadata file   * Upload the pre-configured SAML metadata file
  
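Review bot: The step order after this change no longer matches the sequence an administrator has to follow. "Configure SAML-based single sign-on to your non-gallery application" now comes before "Add a new non-gallery web app to your Azure AD", so the reader is told to configure SSO on an application that does not exist yet, and both Azure-side steps now sit under the heading "Enable Single sign-on in Lucy". Suggest keeping the "Add a new non-gallery web app" bullet and its screenshot above the heading (or under an Azure AD heading of their own) and starting the Lucy section at "Open Lucy Admin console". The moved FederationMetadata.xml step asks for a Certificate Thumbprint, which is the value Lucy pins for the identity provider, so it is worth one sentence saying which certificate in the metadata file the thumbprint is taken from and that it must be updated when Azure AD rotates that certificate. Minor: the re-added "Download a pre-configured SAML metadata file" line lost its closing parenthesis after "lucy-sp.xml".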
Line 51: Line 62:
   * Configure Azure AD SAML token encryption, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption|here]]   * Configure Azure AD SAML token encryption, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption|here]]
  
-{{ ::sso_azure_lucy_download_ssl.png?600 |}}+{{ ::sso_azure_lucy_download_ssl.png?400 |}}
  
 {{ ::sso_azure_import_ssl.png?600 |}} {{ ::sso_azure_import_ssl.png?600 |}}
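Review bot: The token encryption step under "Configure Azure AD SAML token encryption" is still carried only by screenshots, and shrinking sso_azure_lucy_download_ssl.png to 400 makes that screenshot harder to read. Suggest adding one line of text that states which certificate is downloaded from Lucy and where it is imported in Azure AD, so the step can be followed and audited without the images.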
Line 58: Line 69:
  
 {{ ::sso_azure_import_ssl2.png?600 |}} {{ ::sso_azure_import_ssl2.png?600 |}}
- 
-   * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy 
- 
-{{ ::sso_azure_lucy_configs.png?600 |}} 
- 
-{{ ::sso_azure_lucy_configs2.png?600 |}} 
  
  
Line 84: Line 89:
 {{ ::sso_azure_login_activity.png?600 |}} {{ ::sso_azure_login_activity.png?600 |}}
  
 +  * (optional) You may also configure a domain name that Azure AD will use to receive authentication requests. Azure supports both single domain and range of subdomains, however, for this you need to use a wildcard SSL certificate. By default, Lucy is configured to use system domain.
 +
 +To enable support for the subdomains, set the value in the Domain field in the following way ".domain.com"
 +
 +{{ ::sso_azure_domain_name.png?400 |}}
 +
 +Using wildcard domain name will allow you to use different subdomains in your campaigns. \\
 +:!: Please note, Azure AD does not support multiple second-level domains in a single application.
  
 ===== Troubleshoot problems ===== ===== Troubleshoot problems =====
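Review bot: The new optional domain step does not say what has to change on the Azure AD side to match the Domain field in Lucy. The text says Azure AD "will use" the domain "to receive authentication requests" and that a wildcard SSL certificate is needed, but it names neither the Azure AD setting that must list the domain nor the host on which the wildcard certificate is installed. Suggest naming both, and explaining that the leading dot in ".domain.com" is what selects all subdomains. Since a wildcard value extends SSO to every host under that domain, the note should also say to use it only for a domain whose subdomains are all under the Lucy administrator's control. Wording: "range of subdomains" should be "a range of subdomains", "use system domain" should be "use the system domain", and "Using wildcard domain name" should be "Using a wildcard domain name".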
sso_azure.txt · Last modified: 2022/10/04 15:18 by lucy