Single sign-on (SSO) is an authentication process that allows users to securely access multiple related applications or systems using just one set of credentials. SSO has become common in many organizations in recent years and plays an important role.
Note: This feature is available with the Enterprise plan only.
In this article, we'll see how to enable the SSO feature for Joomag in your Microsoft Azure account.
Note: To start the configuration, you will need one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner. Find more information about assigning roles to users here.
1. Go to the Azure Active Directory Admin Center and sign in
2. Click Enterprise Applications from the left menu and create a new application (that is, Joomag)
3. You will be directed to the Azure AD Gallery, where you will need to create the application by clicking the + Create your own application button
4. In the right panel, enter the name of your application (Joomag) and make sure to choose the third option
5. Once Joomag is added to the applications, you will see the following screen, where you will need to click Single sign-on to start the setup process
6. Make sure to choose SAML as your SSO method and then perform a basic SAML configuration by adding the identifier
- Go to your Joomag Account settings
- Scroll down and click on the Single Sign-on dropdown
- Copy the Audience URL (Service Provider Entity ID). Go back to the Basic SAML Configuration panel and add the copied ID in the respective field
7. Go back again to the Joomag Account settings, copy the Sign on URL, ACS, Recipient, or Redirect link, and add it to the Reply URL field. Do not forget to click Save once done
We are almost there! Now let's check step 3: SAML Signing Certificate configuration. We need to access certain SAML Signing Certificate information that will be stored in our Joomag installation directory.
8. Now we need to configure the user assignment properties in Azure AD.
- Click Properties in the Manage menu on the left
- Select Yes or No in the Assignment required option
  - Yes: you will be able to add the email addresses of the users who will be able to access the Joomag account. If a user whose email address was not added tries to log in, a failure message will be shown
  - No: no need to add users, as once scopes are defined each user will be presented with a permission grant page when they try to log in
- Finally, download the certificate (Base 64) from step 3 to use the file when configuring the SSO settings in Joomag.
9. Open the downloaded file with Notepad++ (click here to download the program if you don't have it on your device)
10. Copy the content of the certificate and paste it into the X.509 Certificate field of the Joomag SSO settings
11. Go back to the Single Sign-on page in your Azure AD and, in step 4, copy the Azure AD Identifier and paste it in the Identity Provider Identifier or Issuer URL field in Joomag
Perform the same steps with the Login URL and paste it in the Identity Provider Single Sign-On URL field in Joomag
Do not forget to click the Enable Single Sign-on button at the end of the process.
Congratulations! You have successfully enabled the SSO feature.
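For steps 9 and 10, the following added example (not part of the original article and not Joomag or Microsoft code) checks that the text you are about to paste is exactly one complete certificate and prints its thumbprints for comparison with the one shown next to the certificate in Azure AD. It assumes that displayed thumbprint is the uppercase SHA-1 of the certificate's DER bytes; the function names and the sample certificate are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def load_single_certificate(pem_text: str) -> bytes:
    """Return the DER bytes of the single CERTIFICATE block in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; never paste that")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected one CERTIFICATE block, found {labels}")
    body = "".join(blocks[0][1].split())  # drop CR/LF and stray spaces
    der = base64.b64decode(body, validate=True)
    # The outer DER element must be a SEQUENCE whose declared length covers
    # every byte; a mismatch means text was lost or added while copying.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] & 0x80:  # long form: low 7 bits give the count of length bytes
        n = der[1] & 0x7F
        expected = 2 + n + int.from_bytes(der[2:2 + n], "big")
    else:  # short form: the byte is the length itself
        expected = 2 + der[1]
    if expected != len(der):
        raise ValueError("DER length mismatch: certificate text is incomplete")
    return der

def thumbprints(der: bytes) -> dict:
    """Hex digests to compare with the thumbprint the identity provider shows."""
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

# Constructed sample: a DER SEQUENCE header over 64 filler bytes, not a real
# certificate, wrapped as PEM with Windows line endings.
FAKE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(FAKE_DER).decode().replace("\n", "\r\n")
              + "-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(thumbprints(load_single_certificate(SAMPLE_PEM)))
```

To check a real download, pass the text of the Base 64 certificate file to `load_single_certificate` instead of `SAMPLE_PEM`.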