*Find Azure Active Directory
*Find App registrations
*Find your application that was created as an Enterprise application
*Click '''API permissions'''
*Click '''Add a permission'''
*Click '''Microsoft Graph'''
*Click '''Application permissions'''
*Add these permissions
**User.ReadWrite.All
**UserAuthenticationMethod.ReadWrite.All
*Click '''Grant admin consent for {Tenant}'''
*Click '''Yes'''
*Open SQL Management Studio and connect to the database
*Run this SQL command
<pre>Update UMSWebGeneralSettings Set SetSSO = 1</pre>
*Open UMS
=== '''Before doing anything here, see [[SSO UMS]] for more information about creating certificates and UMS SSO configuration''' ===
*You will be redirected to SSO setup
**Click '''Add''', enter a name and click '''Create'''
**Choose the name in the drop down and click '''Edit'''
**Click '''Add''' under the section '''Create new Single Sign On'''
***Choose '''Azure AD''' in the '''Type''' drop down
***In the boxes '''Name''', '''SingleSignOnServiceUrl''' and '''SingleLogoutServiceUrl''' replace '''{TenantID}''' with the application id of your Enterprise application
***The '''LocalCertificateFile''' must be entered with a PFX certificate. This file must be placed in the root directory of your UMS Academic installation (normally C:\inetpub\wwwroot). THIS MUST '''NOT''' BE THE WEB COMMUNICATION CERTIFICATE; please use a different certificate.
***The '''LocalCertificatePassword''' must be entered to be able to read the PFX certificate
***The '''PartnerCertificateFile''' is a certificate that is generated during Azure SSO setup (the file downloaded from '''Certificate (Raw)'''). Remember to include the filename extension
****This file must be placed in the root directory of your UMS Academic installation (normally C:\inetpub\wwwroot)
***Click '''Save'''
**Click '''Enable'''
**Click '''Save'''
**Click '''Add to website'''
**Choose website setting and click '''Add'''
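The three certificate values above are easy to get wrong (wrong password, a partner file saved without its extension, or the HTTPS certificate reused as the signing certificate), and UMS only reports the failure later at login time. The following PowerShell check is an added example and is not part of the UMS documentation or product; it assumes the default web root C:\inetpub\wwwroot named above, two placeholder file names that you replace with your own, and that the IIS WebAdministration module is installed on the UMS server. Run it in an elevated PowerShell on the UMS server before clicking Save.

```powershell
# Added example, not part of the UMS documentation: sanity-check the three
# certificate values before saving the Single Sign On configuration.
# Assumptions: default web root C:\inetpub\wwwroot, the two placeholder file
# names below, and the IIS WebAdministration module for reading HTTPS bindings.
$WebRoot                  = 'C:\inetpub\wwwroot'
$LocalCertificateFile     = 'ums-sso-signing.pfx'   # placeholder name for your PFX
$PartnerCertificateFile   = 'AzureAD-Partner.cer'   # placeholder name for the "Certificate (Raw)" download
$LocalCertificatePassword = Read-Host -Prompt 'LocalCertificatePassword' -AsSecureString

$localPath   = Join-Path $WebRoot $LocalCertificateFile
$partnerPath = Join-Path $WebRoot $PartnerCertificateFile

# 1. Both files must sit in the web root and be referenced with their file extension.
foreach ($p in @($localPath, $partnerPath)) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing certificate file: $p" }
}

# 2. The PFX must open with the password that will be stored as LocalCertificatePassword,
#    and it must contain a private key, otherwise UMS cannot sign its SAML messages.
$local = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $localPath, $LocalCertificatePassword
if (-not $local.HasPrivateKey) { throw 'LocalCertificateFile has no private key' }
if ($local.NotAfter -lt (Get-Date)) { throw "LocalCertificateFile expired on $($local.NotAfter)" }

# 3. The partner certificate is public-key only; it just has to parse as X.509 and be valid.
$partner = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $partnerPath
if ($partner.NotAfter -lt (Get-Date)) { Write-Warning "PartnerCertificateFile expired on $($partner.NotAfter)" }

# 4. The local certificate must NOT be the web communication certificate:
#    compare its thumbprint with every certificate bound to HTTPS in IIS.
Import-Module WebAdministration
$httpsThumbprints = Get-ChildItem IIS:\SslBindings | Select-Object -ExpandProperty Thumbprint
if ($httpsThumbprints -contains $local.Thumbprint) {
    throw 'LocalCertificateFile is the certificate bound to HTTPS in IIS; use a different certificate'
}

'LocalCertificateFile   : {0} (thumbprint {1}, valid until {2:d})' -f $local.Subject,   $local.Thumbprint,   $local.NotAfter
'PartnerCertificateFile : {0} (thumbprint {1}, valid until {2:d})' -f $partner.Subject, $partner.Thumbprint, $partner.NotAfter
```

If the script throws at step 4, the PFX you chose is the one IIS serves on HTTPS; issue or import a separate signing certificate and export that one as the PFX instead. If it throws at step 2, the password you are about to enter as LocalCertificatePassword does not match the PFX.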
*Open UMS '''Configurator''' program
**Click '''Web Setup'''
**Select '''General settings'''
**Select '''Azure AD''' in the '''Check login against''' drop down list
*Open SQL Management Studio on the UMS Server and connect to the database
*Run this SQL command
<pre>Update UMSWebGeneralSettings Set SetSSO = 0</pre>
*Restart IIS
*The changes above may take some time to be distributed into the Client Tenant system
=== Reset password for others ===
*Go to Azure Active Directory
*Click '''Roles and administrators'''
*Find '''Password administrator'''
*Click '''Add assignments'''
*Find the name of the Enterprise application you created earlier

See also [[Password Change Azure AD]]
=== Notice when using "Check Login in Azure AD" in Web Setup ===
For this to work, the user domain needs to be configured in both the Office365 Tenant settings and the User settings.

==FAQ :==
If you get this message when trying to connect, it may simply be a matter of waiting for the client tenant distribution to complete:
[[File:SSO login error message.png|thumb|none]]

=== Cross-origin token redemption is permitted only for the 'Single-Page Application' ===
If this error occurs, the cause is most likely the authentication settings on the UMS App registration. '''Web''' should be filled out with localhost as the image below displays, and the '''Single-page application''' should be your UMS Web URL. In most cases this would be something like <nowiki>https://ums.enterschoolnamehere.dk</nowiki>.
[[File:Azure_App_Registration_Authentication.png|none|thumb|700x700px]]