1 AAD: Requirements - DAM v4.8.0
- Mathias Mattson (MHM)
In order for AAD to work, you need to make sure that the following requirements are met.
1: Access to your AAD Azure Account
Access https://portal.azure.com and login.
If you can see "Azure Active Directory", you meet this requirement.
2: AD and ADFS must be disabled
Access the product or products (DC and/or MM) you want to enable AAD login for.
If you are not met with a prompt asking you to log in with AD or AAD, you meet this requirement.
3: The ID of a user that all your AAD users should be modelled on (AAD Template User)
In the Digizuite DAM solution, no user is inherently a template user. By default the system is configured with two users that are "copied" every time it creates either a collection user or a self-signup user. These two are ordinary users; the only things that set them apart are that their passwords are usually set to something that is never meant to be typed again, and that their member IDs have been configured to be used by the system.
Usually the self-signup user named "self-sign up template user" is already set up correctly if you have the self-signup functionality enabled in your Media Manager. If so, this user can usually be used for automatic assignment of roles when AAD users are created. Make a note of this user's user ID (usually something like "300xx").
If you cannot use the template user mentioned above, you have to create a new user, as follows:
- Login to your DAM Center with a Super Administrator or an Administrator user
- Go to System tools → Users and groups → Users → System users and press Add
- In the Username field, type "AAD Template User"; in the Password field, type something random; in the Metagroup field, enter "User Config"; then press Create
- Now make a note of your new user's user ID
- Now edit the user's roles by expanding the Edit menu on the right side. Make sure you are in the view named "Standard", then add the following groups:
- Internal access
- Light user or Content Creator
- Public access
- Trusted (usually, already added by default)
- Press save
The ID you have noted down will be used in an upcoming section, where you have to edit some XML.
4: You must make an App Registration on DC and/or MM in Azure
DC and MM are currently the only two products we offer that require an AAD app registration in order to work with AAD.
You should only register (and subsequently configure to use AAD) the product or products you want to enable AAD login for.
For example, if you choose to have MM as the only application which prompts for users' AAD credentials, your DAM Center application should not be registered.
You register your product by doing the following steps:
- Access https://portal.azure.com with the Azure credentials you have from the first requirement (Access to your AAD Azure Account)
- Access "Azure Active Directory" (see image)
- In here, press the "App registrations" beneath "Manage" (See image)
- Now press the "New application registration"
- In the "Name" and "Sign-on URL" fields, you copy-paste the entire URL of your application
- Press the button at the bottom
- Repeat the process for the product you didn't just configure (The MM if you set up the DC, and vice versa)
- When this is done, make a note of the Application IDs of the new app registrations you have just made
- Now go into one of the app registrations, and then Properties
- Make a note of the App ID URI without the https:// prefix and the trailing GUID
- For example "https://digizuite.onmicrosoft.com/95303ff7-f100-47ab-ad3a-2a465ff47bd0" becomes "digizuite.onmicrosoft.com"
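The transformation in the last step, as an added example (not part of the Digizuite documentation): it derives the "App ID URI without https:// and GUID" value from the full URI shown in the portal, and rejects input that does not have the shape the portal produces, so a copy-paste mistake is caught before it reaches the XML configuration. The function names are mine; the URI is the page's own example.

```python
import re
from urllib.parse import urlparse

# Shape of an Azure Application ID (a GUID), e.g. 95303ff7-f100-47ab-ad3a-2a465ff47bd0
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")


def is_guid(value: str) -> bool:
    """True if value looks like an Application ID noted from an app registration."""
    return bool(GUID_RE.match(value.strip()))


def app_id_uri_to_tenant_host(app_id_uri: str) -> str:
    """Strip the https:// prefix and the trailing GUID from an App ID URI.

    Raises ValueError when the scheme is not https, the host is missing, or the
    path is not a GUID, so a mangled value fails loudly instead of being saved.
    """
    parts = urlparse(app_id_uri.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"expected an https:// App ID URI, got {app_id_uri!r}")
    guid = parts.path.strip("/")
    if not is_guid(guid):
        raise ValueError(f"App ID URI path is not a GUID: {guid!r}")
    # Host names are case-insensitive; normalise so two notes of the same
    # tenant compare equal later.
    return parts.netloc.lower()


if __name__ == "__main__":
    # The App ID URI used as the example on this page.
    uri = "https://digizuite.onmicrosoft.com/95303ff7-f100-47ab-ad3a-2a465ff47bd0"
    print(app_id_uri_to_tenant_host(uri))  # digizuite.onmicrosoft.com
```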