Setup in ADFS
Open the ADFS management tool and go to Relying Party Trusts.
...
Relying party identifiers will be https://DAMURL/DigizuiteCore/LoginService
If there are multiple DAM URLs, they need to be added as well (with the /DigizuiteCore/LoginService added).
Note: It is important that these are the backend URLs, not the URLs for Media Manager, Office Connector, etc.
E.g:
...
Choose who should have access to the solution.
...
Note: if you have a large AD with many groups, it may be a good idea to make a custom extraction of the DAM groups. This will prevent the token from becoming too large for the website to handle.
It can be done by creating the following two custom rules:
Get Groups from AD
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
    => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups;{0}", param = c.Value);
Send DAM groups as Claims (remember to update the regex ^(?i)dam - scheme - .+$ to match your group naming)
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "^(?i)dam - scheme - .+$"]
    => issue(Type = "http://schemas.xmlsoap.org/claims/Group", Value = c.Value, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
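Before saving the second rule, it helps to preview which group names your regex would let through. The following PowerShell is an added example, not part of the Digizuite or ADFS tooling; it assumes the rule's =~ operator behaves like a .NET regex match, and the function name Test-DamGroupFilter and the group names are constructed for illustration.

```powershell
# Added example: preview which group claims the "Send DAM groups as Claims" rule would issue.
# Assumption: the claim rule's =~ behaves like [regex]::IsMatch (.NET regex, case-sensitive by default).
function Test-DamGroupFilter {
    param(
        [Parameter(Mandatory)] [string]   $Pattern,
        [Parameter(Mandatory)] [string[]] $GroupNames
    )
    # Without ^ and $ the rule matches substrings, which can pull unrelated groups into the token.
    if ($Pattern -notmatch '^\^' -or $Pattern -notmatch '\$$') {
        Write-Warning "Pattern '$Pattern' is not anchored with ^ and `$."
    }
    foreach ($name in $GroupNames) {
        [pscustomobject]@{
            Group  = $name
            Issued = [regex]::IsMatch($name, $Pattern)
        }
    }
}

# Constructed sample group names; replace with the names from your own directory.
$sampleGroups = @(
    'DAM - Scheme - Editors',
    'dam - scheme - readers',
    'DAM - Scheme - ',            # nothing after the prefix: .+ needs at least one character
    'Legacy DAM - Scheme - Old',  # prefix is not at the start: rejected by ^
    'Domain Admins'
)

# The pattern from the rule above: issues the first two groups only.
Test-DamGroupFilter -Pattern '^(?i)dam - scheme - .+$' -GroupNames $sampleGroups |
    Format-Table -AutoSize

# Same pattern without (?i): only the all-lowercase group name is issued.
Test-DamGroupFilter -Pattern '^dam - scheme - .+$' -GroupNames $sampleGroups |
    Format-Table -AutoSize
```

Any group marked Issued = True ends up as a group claim in the token sent to the DAM, so confirm the list contains only DAM groups before saving the rule.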
Get the federation metadata URL for the next step. It will most likely be: https://YourADDomain/FederationMetadata/2007-06/FederationMetadata.xml
Setup of Media manager (Digizuite configuration only)
Log in to the Media Manager with a Super administrator account.
...
Example of a configuration:
...
Setup of Sync groups in the DAM
If you have selected FullSync or AddOnly in your Group sync level, you will need to set up your group binding in the DAM.
...
In the Binding group name you can input either the domain/groupname or the group SID.
Setup of connectors or media manager:
Set a connector or Media manager to use SSO login