Please ensure that you have gathered all the requirements needed for this section. If not, please visit the requirements documentation.
Only when all requirements have been met will you be able to enable AAD login for the Digizuite products.
Digizuite Configuration
Configuration in the web.config (optional)
There are three login modes for your products: One where you can only log in with SSO (value="sso"), one where you can only log in using normal login - i.e. disable SSO (value="normal"), and lastly, one where both login modes are enabled simultaneously (value="mixed").
By default, your site is set up to be "mixed", to ensure that both modes are enabled out of the box.
You may, however, choose to change this value, to either disable SSO or to have it be solely SSO.
To do this, please access your DC's web.config file, navigate to Configuration → appSettings, and change the value in the node with the key named "LoginMode" (see the image below).
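A check for the LoginMode setting described above, as an added example that is not Digizuite's own code. It assumes the standard web.config layout (`<configuration>`, `<appSettings>`, `<add key="…" value="…" />`) and matches the three values exactly as the page writes them; the `expected` parameter, the helper names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

VALID_MODES = ("sso", "normal", "mixed")  # the three values the page names


def audit_login_mode(web_config_xml, expected="sso"):
    """Return (mode, findings) for the LoginMode appSetting.

    `expected` is the mode your own policy requires (hypothetical parameter).
    """
    root = ET.fromstring(web_config_xml)  # root element is <configuration>
    values = [node.get("value")
              for node in root.findall("./appSettings/add")
              if node.get("key") == "LoginMode"]
    if not values:
        return None, ["LoginMode key is absent from appSettings"]
    if len(values) > 1:
        # Ambiguous: do not guess which entry the product honours.
        return None, ["LoginMode is defined %d times: %r" % (len(values), values)]
    mode = values[0]
    if mode not in VALID_MODES:
        # Exact match is an assumption; casing or stray spaces are flagged.
        return mode, ["unrecognised LoginMode value %r" % mode]
    findings = []
    if mode != expected:
        findings.append("LoginMode is %r but policy expects %r" % (mode, expected))
    return mode, findings


def make_config(*modes):
    """Build a constructed web.config document with one <add> per given mode."""
    adds = "".join('<add key="LoginMode" value="%s" />' % m for m in modes)
    return ('<?xml version="1.0"?><configuration><appSettings>'
            '<add key="SomeOtherKey" value="x" />%s'
            '</appSettings></configuration>' % adds)


if __name__ == "__main__":
    samples = [("out-of-the-box default", make_config("mixed")),
               ("SSO only", make_config("sso")),
               ("mistyped value", make_config("SSO ")),
               ("duplicate key", make_config("sso", "mixed")),
               ("key missing", make_config())]
    for label, doc in samples:
        print(label, "->", audit_login_mode(doc))
```

Pass `expected="mixed"` or `expected="normal"` if that is the mode the site is meant to run in.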
Configuration via the MM
To configure AAD on the Digizuite side, open Media Manager and go into General settings → SSO.
Once that page loads, select "WsFederation" in the drop-down. When pressed, some new fields will be loaded in the UI. They are as follows:
Template member ID (Optional)
Configure a template member if required. If not configured for the SSO integration specifically, the general template member for the Digizuite will be used.
If not set (i.e. set to 0), the user will be created with the default rights given to new users. (Usually the group "Trusted" is applied.)
The ID can be found in the DAM Center in its "user" menu.
Insert the ID of a user you want SSO users to look like when they log in the first time. Please be aware that the new SSO users will get the default groups (Trusted by default, as mentioned before) in addition to the groups and roles they get from the template user.
Group sync level
Configure "Group sync level". Check the tooltips in MM for specifications about what the individual levels do.
Name
Next give the configuration a "name". This name is arbitrary and does not matter for usage; it's just for internal reference.
Metadata address
Next provide the "Metadata address" for the ADFS server.
It'll most likely look something like this: "https://my-adfsserver/FederationMetadata/6e80d0d2-c049-4101-ad8d-8fd678b61299/federationmetadata/2007-06/FederationMetadata"
App ID
Provide the "App ID".
In ADFS on AD it's the URL of the LoginService, which by default is "{damurl}/DigizuiteCore/LoginService". It's the same URL that was configured in the ADFS server.
It'll probably look something like this: "api://0619b1d1-f2b9-4a72-8052-8772847f870f"
Lastly, save and press "activate".
When you see the page saying "Latest is active", AAD is good to go.