...
Info |
---|
About SAML Single Sign-On in SMACS: Single Sign-On can be set up in SMACS against any Identity Provider (IdP) that supports SAML 2.0. This guide covers the steps required to set up SAML SSO against Azure. For an exhaustive list of supported IdPs, visit SAML-based products and services. |
Add SMACS as an Enterprise Application in Azure
Note |
---|
Wildcard Certificates are not supported for SSO. |
...
Tip |
---|
The Enterprise Application is now added ✔ |
Click on Single Sign-On from the left vertical menu.
Click on the SAML Single Sign-On method.
Click on Upload metadata file.
Click on the folder icon and point to the SMACS SP Metadata to upload it.
Once uploaded, a panel with your Basic SAML Configuration will appear on the right-hand side, populated with values for your Identifier and Reply URL. Click Save.
Once saved, click on the Download link next to Federation Metadata XML.
Go to your ZIRO tenant and access the SAML Single Sign-On page from the vertical Admin menu.
Click Import IdP Metadata and point it to the file you downloaded from Azure in the previous step.
Click on the Enable Single Sign-On toggle.
Panel |
---|
If you have previously uploaded metadata to your ZIRO instance (i.e. previously attempted to configure SSO), a restart of the smacs service is required from the stack8-console. See below. |
...
From the Enterprise Application you added in the previous steps, select Attributes & Claims from the left-hand vertical menu.
Click on the ellipsis to modify the Unique User Identifier (Name ID).
Change the default Name Identifier format and Source Attribute:
Name Identifier format should be set to Unspecified.
Source Attribute should be set to user.onpremisesamaccountname.
Click Save.
From the Enterprise Application you added in the previous steps, select Users and groups from the left-hand vertical menu.
Click on + Add user/group.
Click on None Selected.
A search panel will appear on the right-hand side. Use it to search for and select the individual users or groups who should be able to log into your SMACS tenant via Single Sign-On, and click Select.
Return to the Single Sign-On section of your newly added Enterprise Application and click Test at the bottom of the page.
A panel with testing options will appear on the right-hand side of the page. Select the Sign in as current user option and click Test sign in.
If you completed the previous steps correctly, you will be presented with the SMACS home screen.
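If the test sign-in fails, the check below compares the NameID in a captured SAML response against the Attributes & Claims settings above. It is an added example, not part of the original guide or of ZIRO's tooling. It assumes the input is the base64 `SAMLResponse` form field with an unencrypted assertion; the function names and sample values are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def check_name_id(saml_response_b64):
    """Return a list of findings for the NameID in a base64 SAMLResponse.

    Inspection only: this does not verify the XML signature.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID found (the assertion may be encrypted or missing)"]
    findings = []
    # A missing Format attribute means unspecified per the SAML core spec.
    fmt = name_id.get("Format", UNSPECIFIED)
    value = (name_id.text or "").strip()
    if fmt != UNSPECIFIED:
        findings.append(f"NameID Format is {fmt!r}, expected Unspecified")
    if not value:
        findings.append("NameID is empty; check the user's on-premises sAMAccountName")
    elif "@" in value:  # heuristic: UPNs and e-mail addresses contain '@'
        findings.append(f"NameID {value!r} looks like a UPN or e-mail, not a sAMAccountName")
    return findings


def constructed_response(fmt, value):
    # Constructed sample, trimmed to the elements this check reads.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    good = constructed_response(UNSPECIFIED, "jdoe")
    bad = constructed_response(
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "jdoe@example.com")
    print(check_name_id(good))
    for finding in check_name_id(bad):
        print("-", finding)
```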
...