Differences

This shows you the differences between two versions of the page.

--- sso_azure [2019/10/09 09:04] – lucy
+++ sso_azure [2022/10/04 15:18] (current) – lucy
@@ Line 17: / Line 17: @@
 {{ ::sso_azure_user2.png?600 |}}
-  * Add a new non-gallery web app to your Azure AD, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app|here]]
+===== Enable Single sign-on in Lucy =====
-{{ ::sso_azure_new_app.png?600 |}}
+  * Configure SAML-based single sign-on to your non-gallery application
+Find more about Azure AD Single Sign-on configuration [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications|here]]
-===== Enable Single sign-on in Lucy =====
+{{ ::sso_azure_enable_saml.png?600 |}}
+  * Add a new non-gallery web app to your Azure AD, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app|here]]
+{{ ::sso_azure_new_app.png?600 |}}
   * Open Lucy Admin console
   * Navigate to the **SSO Configuration** page (Settings > SSO Settings)
-  * Active the option "**Enable Active Directory FS**"
+  * Tick the option "**Enable Active Directory FS**"
   * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml")
-{{ ::sso_azure_lucy_metadata_file.png?600 |}}
+{{ ::sso_azure_lucy_metadata_file.png?450 |}}
 {{ ::sso_azure_lucy_metadata_file2.png?600 |}}
-  * Configure SAML-based single sign-on to your non-gallery application, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications|here]]
-{{ ::sso_azure_enable_saml.png?600 |}}
   * Upload the pre-configured SAML metadata file
 {{ ::sso_azure_lucy_metadata_file3.png?600 |}}
+  * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy
+{{ ::sso_azure_lucy_configs.png?600 |}}
+{{ ::sso_azure_lucy_configs2.png?400 |}}
   * Add a new Claim "__mail__" that contain an e-mail address of the user, see more [[https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization|here]]
@@ Line 51: / Line 64: @@
   * Configure Azure AD SAML token encryption, see more [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption|here]]
-{{ ::sso_azure_lucy_download_ssl.png?600 |}}
+{{ ::sso_azure_lucy_download_ssl.png?400 |}}
 {{ ::sso_azure_import_ssl.png?600 |}}
@@ Line 59: / Line 72: @@
 {{ ::sso_azure_import_ssl2.png?600 |}}
-   * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy
+  * (**optional**) You may also configure a domain name that Azure AD will use to receive authentication requests. Azure supports both single domain and range of subdomains, however, for this you need to use a wildcard SSL certificate. By default, Lucy is configured to use system domain.
-{{ ::sso_azure_lucy_configs.png?600 |}}
+To enable support for the subdomains, set the value in the Domain field in the following way ".domain.com"
+{{ ::sso_azure_domain_name.png?400 |}}
-{{ ::sso_azure_lucy_configs2.png?600 |}}
+Using wildcard domain name will allow you to use different subdomains in your campaigns. \\
+:!: Please note, Azure AD does not support multiple second-level domains in a single application.
+  * (**optional**) If the option "**Auto Login**" enabled, Lucy tries to automatically log in using Single Sign-on instead of showing the Login page.
 ===== Testing Authentication =====
@@ Line 84: / Line 101: @@
 {{ ::sso_azure_login_activity.png?600 |}}
+===== OAuth 2.0 =====
+The method of authentication is described [[microsoft_azure_oauth_2_0|here]].
 ===== Troubleshoot problems =====