sso_azure

Differences

This shows you the differences between two versions of the page.

sso_azure [2019/10/09 09:04] lucysso_azure [2019/11/14 13:03] lucy
Line 17: Line 17:
 {{ ::sso_azure_user2.png?600 |}} {{ ::sso_azure_user2.png?600 |}}
  
-  * Add a new non-gallery web app to your Azure AD, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app|here]]+===== Enable Single sign-on in Lucy =====
  
-{{ ::sso_azure_new_app.png?600 |}}+  * Configure SAML-based single sign-on to your non-gallery application
  
 +Find more about Azure AD Single Sign-on configuration [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications|here]]
  
-===== Enable Single sign-on in Lucy =====+{{ ::sso_azure_enable_saml.png?600 |}} 
 + 
 +  * Add a new non-gallery web app to your Azure AD, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app|here]] 
 + 
 +{{ ::sso_azure_new_app.png?600 |}}
  
   * Open Lucy Admin console   * Open Lucy Admin console
 +
   * Navigate to the **SSO Configuration** page (Settings > SSO Settings)   * Navigate to the **SSO Configuration** page (Settings > SSO Settings)
-  * Active the option "**Enable Active Directory FS**" 
-  * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml") 
  
-{{ ::sso_azure_lucy_metadata_file.png?600 |}}+  * Tick the option "**Enable Active Directory FS**"
  
-{{ ::sso_azure_lucy_metadata_file2.png?600 |}}+  * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy
  
-  * Configure SAML-based single sign-on to your non-gallery application, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications|here]]+{{ ::sso_azure_lucy_configs.png?600 |}}
  
-{{ ::sso_azure_enable_saml.png?600 |}}+{{ ::sso_azure_lucy_configs2.png?400 |}} 
 + 
 +  * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml"
 + 
 +{{ ::sso_azure_lucy_metadata_file.png?450 |}} 
 + 
 +{{ ::sso_azure_lucy_metadata_file2.png?600 |}}
  
 + 
   * Upload the pre-configured SAML metadata file   * Upload the pre-configured SAML metadata file
  
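Review bot: The step order at the top of this hunk looks inverted in the new revision. The heading "===== Enable Single sign-on in Lucy =====" now sits above two Azure-side steps, and "Configure SAML-based single sign-on to your non-gallery application" comes before "Add a new non-gallery web app to your Azure AD", although the application has to exist before SSO can be configured on it. Suggest putting the add-app step first and moving the heading to directly above "Open Lucy Admin console". The re-added "Download a pre-configured SAML metadata file" bullet has also lost its closing parenthesis after "lucy-sp.xml". The bullet that fills in the __Certificate Thumbprint__ would benefit from one sentence saying where the reader checks that value against the signing certificate shown in Azure AD.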
Line 51: Line 62:
   * Configure Azure AD SAML token encryption, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption|here]]   * Configure Azure AD SAML token encryption, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption|here]]
  
-{{ ::sso_azure_lucy_download_ssl.png?600 |}}+{{ ::sso_azure_lucy_download_ssl.png?400 |}}
  
 {{ ::sso_azure_import_ssl.png?600 |}} {{ ::sso_azure_import_ssl.png?600 |}}
Line 59: Line 70:
 {{ ::sso_azure_import_ssl2.png?600 |}} {{ ::sso_azure_import_ssl2.png?600 |}}
  
-   Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy+  (**optional**) You may also configure a domain name that Azure AD will use to receive authentication requests. Azure supports both single domain and range of subdomains, however, for this you need to use a wildcard SSL certificate. By default, Lucy is configured to use system domain.
  
-{{ ::sso_azure_lucy_configs.png?600 |}}+To enable support for the subdomains, set the value in the Domain field in the following way ".domain.com" 
 + 
 +{{ ::sso_azure_domain_name.png?400 |}} 
 + 
 +Using wildcard domain name will allow you to use different subdomains in your campaigns. \\ 
 +:!: Please note, Azure AD does not support multiple second-level domains in a single application.
  
-{{ ::sso_azure_lucy_configs2.png?600 |}}+  * (**optional**) If the option "**Auto Login**" enabled, Lucy tries to automatically log in using Single Sign-on instead of showing the Login page.
  
  
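Review bot: The first added "(**optional**)" paragraph, about the domain name, is indented by two spaces but has no "*" marker, unlike the "Auto Login" item below it, so DokuWiki will render it as a preformatted block rather than as a list item. Suggest starting it with "  * (**optional**)". In the same paragraph, "a domain name that Azure AD will use to receive authentication requests" is ambiguous about which side receives what and is worth rewording. The example ".domain.com" should state explicitly that the leading dot is what enables subdomain matching. In the last bullet, "If the option "**Auto Login**" enabled" is missing "is". Since Auto Login skips the Login page, the text should also say how an administrator reaches the local login form when Azure AD is unavailable.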
sso_azure.txt · Last modified: 2022/10/04 15:18 by lucy