Setup in AD FS

Open the AD FS management tool and go to Relying Party Trust.

...

Get the federation metadata URL for the next step. It will most likely be: https://YourADDomain/FederationMetadata/2007-06/FederationMetadata.xml

Setup of Media manager

Log in to the Media Manager as a super administrator.

Go to “Settings” - “General settings” - “SSO”

Select SAML2

Insert a template member user ID. You can use the guest user if you want low access: 30006 (or you can create a template user that matches your needs).

Select the Sync level

Enter a name

In the Entity ID field, insert the same URL that you used for your redirect URI (https://DAMURL/DigizuiteCore/LoginService)

Signing behavior:

IfIdpWantAuthnRequestsSigned

Under Identity providers, enter:

Entity ID: Open the federation metadata URL from the Azure Active Directory. It will have your Entity ID.

...

 

Metadata location: The federation metadata URL

Now press Save and then Activate.

Once it says “Latest is active”, the SSO configuration is enabled.

Example of a configuration:

...
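
An added example (not part of the original page and not Digizuite's code): a Python check that reads a federation metadata document and reports the Entity ID to enter under Identity providers, whether the IdP sets WantAuthnRequestsSigned, the number of signing certificates, and whether the SSO endpoints are HTTPS. It assumes, from the setting's name, that the IfIdpWantAuthnRequestsSigned signing behavior follows the metadata's WantAuthnRequestsSigned attribute; the sample metadata and the function name summarize_idp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (host names and certificate are placeholders).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Return the values the SSO form asks for, read from IdP metadata."""
    # Use a hardened parser (e.g. defusedxml) for metadata from untrusted sources.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # WantAuthnRequestsSigned is optional; absent means false.
    want_signed = idp.get("WantAuthnRequestsSigned", "false").lower() in ("true", "1")
    certs = [c.text.strip()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "want_authn_requests_signed": want_signed,
        "signing_cert_count": len(certs),
        "sso_locations": sso,
        "all_sso_https": bool(sso) and all(u.startswith("https://") for u in sso),
    }


if __name__ == "__main__":
    for key, value in summarize_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Save the XML from your own federation metadata URL and pass its contents to summarize_idp_metadata to compare the reported Entity ID with the value entered in the SSO settings.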

Setup of Sync groups in the DAM

If you have selected FullSync or AddOnly as your Group sync level, you will need to set up your group binding in the DAM.

You will need to log in as a super administrator and go to:

System tools - Users and groups - Groups

Find the group you want to bind and do the following:

...

In the Binding group name you can input either the domain/groupname or the group SID.

Troubleshooting

You can enable SSO logging in the file DigizuiteCore\loginservice\appsettings.json in the DAM website folder

by setting "EnableLocalLogging": true.

That will give you more information about the errors you encounter.

Known issues

/wiki/spaces/PSBOK/pages/2262040577

Currently, if Full sync or AddOnly is enabled, you need to be a member of at least 1 group before you are allowed to log in.