Description

Media Manager (MM) supports Azure Active Directory (AAD), which allows Single Sign-On (SSO) for Microsoft and Azure accounts (including Azure accounts created by inviting users from outside the AAD). The solution supports both single-tenant and multi-tenant directory applications.

Prerequisites

Your DAM Center (DC) must be set up to accommodate MM - for this, please look at the Configuration Examples beneath your DC's documentation named 


  1. Azure directory account information.
  2. All other external login functionality must be disabled (e.g. AD, ADFS).
  3. Azure Active Directory (AAD) must be configured in the server section of the DAM Center (see the guide "Azure Active Directory" in the DAM Center documentation).
  4. An app registration must be done in AAD.


Ad 4)

Open the Azure portal (https://portal.azure.com), navigate to "Azure Active Directory"→"App Registrations", and click the button to create a new registration. Enter a name for the application, e.g. "Media Manager", and the URL for the site. Then press "Save". Access the "Reply URLs" list and add the URL for the application.

Configuration schema

<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="azureActiveDirectory" xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
  <xs:element name="azureActiveDirectory" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="client">
          <xs:complexType>
            <!-- Enables or disables the client using AAD redirect -->
            <xs:attribute name="enabled" type="xs:boolean" use="required" />
            <!-- ClientId corresponds to the Application ID in Azure Portal -->
            <xs:attribute name="clientId" use="required">
              <xs:simpleType>
                <xs:restriction base="Guid" />
              </xs:simpleType>
            </xs:attribute>
            <!-- AADInstance is the login redirect URI -->
            <xs:attribute name="aadInstance" type="xs:string" default="https://login.microsoftonline.com/{0}" />
            <!-- Tenant is the DNS section of the App ID URI in Azure Portal. Required for single tenant usage -->
            <xs:attribute name="tenant" type="xs:string" />
          </xs:complexType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- GUID with or without surrounding braces -->
  <xs:simpleType name="Guid">
    <xs:restriction base="xs:string">
      <xs:pattern value="([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})"/>
    </xs:restriction>
  </xs:simpleType>
</xs:schema>


Note:

Make sure to add the section definition:

<section name="azureActiveDirectory" type="DigiEyeZ.Framework.WebLibrary.Configuration.AzureActiveDirectorySection" />


Configuration examples

Media Manager with single tenant login

<azureActiveDirectory>
    <client enabled="true" clientId="26667631-53d0-41e5-917c-6ecd05a48820" tenant="mytenantid.onmicrosoft.com" />
</azureActiveDirectory>
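
A pre-deployment check for this section, added here as an example (it is not part of Media Manager or its documentation). The function name `check_aad_section` is hypothetical; treating a non-HTTPS `aadInstance`, a missing `{0}` placeholder and a missing `tenant` as warnings, and substituting the tenant for `{0}`, are assumptions drawn from the schema's default value and comments.

```python
import re
import xml.etree.ElementTree as ET

# GUID pattern copied from the schema's "Guid" simple type.
GUID_RE = re.compile(
    r"([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})"
    r"|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})"
)
DEFAULT_INSTANCE = "https://login.microsoftonline.com/{0}"  # schema default


def check_aad_section(xml_text):
    """Return (errors, warnings, authority) for an <azureActiveDirectory> section."""
    errors, warnings, authority = [], [], None
    root = ET.fromstring(xml_text)
    client = root.find("client") if root.tag == "azureActiveDirectory" else None
    if client is None:
        return ["missing <azureActiveDirectory>/<client> element"], warnings, authority

    # Errors: violations of the schema (required attributes and their types).
    if client.get("enabled") not in ("true", "false", "1", "0"):
        errors.append("enabled is required and must be a boolean")
    if not GUID_RE.fullmatch(client.get("clientId", "")):
        errors.append("clientId is required and must match the Guid pattern")

    # Warnings: deployment checks assumed by this example, not stated by the schema.
    instance = client.get("aadInstance", DEFAULT_INSTANCE)
    if not instance.startswith("https://"):
        warnings.append("aadInstance is not an https:// URL")
    if "{0}" not in instance:
        warnings.append("aadInstance has no {0} placeholder for the tenant")
    tenant = client.get("tenant")
    if not tenant:
        warnings.append("tenant is not set; it is required for single tenant usage")

    # Assumption: the tenant replaces {0}, as the default aadInstance suggests.
    if tenant and not errors:
        authority = instance.replace("{0}", tenant)
    return errors, warnings, authority


if __name__ == "__main__":
    # Constructed sample with a malformed clientId and no tenant.
    sample = ('<azureActiveDirectory><client enabled="true" '
              'clientId="1234" /></azureActiveDirectory>')
    print(check_aad_section(sample))
```
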


How to invite an Azure user to the application

In the Azure Active Directory section of the Portal, select "Enterprise applications"→"All applications" and select your application from the list. Then select "Users and groups" and click "Add". Click "Users (none selected)" and press the "Invite" button. 

