SSO/Office365

1,364 bytes added, 16 September
'''This feature requires the SSO module to be included in the license'''
 
'''You also need Office365 Tenant settings to be set up in Configurator (must be the same tenant that the users are synced with)'''
 
==How to use Office 365 as login provider instead of Active Directory==
You need to create an '''Enterprise application'''.
Log in to [https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/ portal.azure.com]
*Find '''Azure Active Directory'''
*Find '''Enterprise applications'''
*Click '''New application'''
*Click '''Create your own application'''
****'''<nowiki>https://{URL}/SSO/AssertionConsumerServiceAzureAd.aspx</nowiki>'''
**Under '''SAML Signing Certificate'''
***Click download for '''Certificate (Base64RAW)'''
***This file must be placed in the root directory of your UMS Academic installation (Normally C:\inetpub\wwwroot)
*Find '''Azure Active Directory'''
*Find '''App registrations'''
*Find your application that was created as an '''Enterprise application'''
**Click '''API permissions'''
**Click '''Add a permission'''
***Click '''Microsoft Graph'''
****Click '''Application permissions'''
*****Add these permissions
******User.ReadWrite.All
******UserAuthenticationMethod.ReadWrite.All
**Click '''Grant admin consent for {Tenant}'''
***Click '''Yes'''
*Open '''SQL Management Studio''' on the UMS Server and connect to the database
**Run this SQL Command
***Update UMSWebGeneralSettings Set SetSSO = 1
*Log in to Open UMS web
**You will be redirected to SSO setup
***Click '''Add,''' enter a name and click '''Create'''
***Click '''Add''' under the section '''Create new Single Sign On'''
****Choose '''Azure AD''' in the '''Type''' drop down
****In the boxes '''Name''', '''SingleSignOnServiceUrl''' and '''SingleLogoutServiceUrl''' replace '''{appIdTenantID}''' with the application id of your Enterprise application
****The '''LocalCertificateFile''' must be entered with a PFX certificate. This file must be placed in the root directory of your UMS Academic installation (Normally C:\inetpub\wwwroot)
****The '''LocalCertificatePassword''' must be entered to be able to read the PFX certificate
****The '''PartnerCertificateFile''' is a certificate that is generated during Azure SSO setup in the portal (the file downloaded from '''Certificate (Raw)'''). Remember to include the filename extension
*****This file must be placed in the root directory of your UMS Academic installation (Normally C:\inetpub\wwwroot)
****Click '''Save'''
***Click '''Enable'''
***Click '''Save'''
***Click '''Add to website'''
***Choose website setting and click '''Add'''
*Open UMS '''Configurator''' program
***Update UMSWebGeneralSettings Set SetSSO = 0
*Restart IIS
*The changes above may take some time to be distributed to the Client Tenant system
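
A pre-flight check for the two certificate files that the steps above place in the web root, given here as an added PowerShell example that is not part of the UMS documentation or product. The file names are hypothetical placeholders; the path is the default this page names.

```powershell
# Added example, not vendor code. File names below are hypothetical placeholders.
param(
    [string]$WebRoot     = 'C:\inetpub\wwwroot',   # default root named on this page
    [string]$PfxName     = 'ums-sso.pfx',          # hypothetical LocalCertificateFile
    [string]$PartnerName = 'azure-saml.cer',       # hypothetical PartnerCertificateFile
    [int]$WarnDays       = 30                      # assumed expiry warning window
)
$ErrorActionPreference = 'Stop'

function Get-CertReport {
    param($Cert, [string]$Role, [bool]$ExpectPrivateKey, [int]$WarnDays)
    $now = Get-Date
    [pscustomobject]@{
        Role         = $Role
        Subject      = $Cert.Subject
        NotAfter     = $Cert.NotAfter
        InValidity   = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
        ExpiresSoon  = $Cert.NotAfter -lt $now.AddDays($WarnDays)
        # The PFX must carry a private key; the Azure-issued partner file must not.
        PrivateKeyOk = $Cert.HasPrivateKey -eq $ExpectPrivateKey
    }
}

$pfxPath     = Join-Path $WebRoot $PfxName
$partnerPath = Join-Path $WebRoot $PartnerName

# A wrong LocalCertificatePassword fails here instead of at the first SSO login.
$password = Read-Host -AsSecureString -Prompt 'LocalCertificatePassword'
$pfx      = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password)
$partner  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($partnerPath)

$report = @(
    Get-CertReport -Cert $pfx     -Role 'LocalCertificateFile'   -ExpectPrivateKey $true  -WarnDays $WarnDays
    Get-CertReport -Cert $partner -Role 'PartnerCertificateFile' -ExpectPrivateKey $false -WarnDays $WarnDays
)
$report | Format-Table -AutoSize

# Both files sit under the web root, so list who can read the private-key file.
(Get-Acl -Path $pfxPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

if ($report | Where-Object { -not $_.InValidity -or -not $_.PrivateKeyOk }) {
    Write-Error 'Certificate check failed; fix the files before enabling SSO.'
}
```

Review the access list so that only the accounts that need the PFX can read it, and re-run the check before the date shown in NotAfter.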
 
=== UMS Graph API connection in Office365 Tenant settings ===
When creating the Office365 tenant settings, add the client_id and clientsecret from the SSO app registration settings created above.
 
==FAQ==
If you get this message when trying to connect, it might be a matter of waiting for Client Tenant distribution
[[File:SSO login error message.png|left|thumb]]
 