6 Azure Active Directory (AAD) - MM v4.10.0

Description

Media Manager supports Azure Active Directory (AAD), which provides Single Sign-On (SSO) for Microsoft and Azure accounts. Both single-tenant and multi-tenant directory applications are supported.

Prerequisites

  1. Azure directory account information.
  2. All other external login functionality must be disabled (e.g. AD, ADFS).
  3. Azure Active Directory (AAD) must be configured in the server section of the DAM Center (see the guide "Azure Active Directory" in the DAM Center documentation).
  4. An app registration must be done in AAD.


Regarding 4)

Open the Azure portal https://portal.azure.com and navigate to "Azure Active Directory"→"App Registrations", then click the button to create a new registration. Enter a name for the application, e.g. "Media Manager", and the URL of the site, then press "Save". Open the "Reply URLs" list and add the URL of the application.

Configuration schema

<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="azureActiveDirectory" xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
  <!-- GUID, with or without surrounding braces; used by the clientId attribute -->
  <xs:simpleType name="Guid">
    <xs:restriction base="xs:string">
      <xs:pattern value="([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})" />
    </xs:restriction>
  </xs:simpleType>
  <xs:element name="azureActiveDirectory" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="client">
          <xs:complexType>
            <!-- Enables or disables the client using AAD redirect -->
            <xs:attribute name="enabled" type="xs:boolean" use="required" />
            <!-- ClientId corresponds to the Application ID in Azure Portal -->
            <xs:attribute name="clientId" type="Guid" use="required" />
            <!-- AADInstance is the login redirect URI; {0} is replaced by the tenant -->
            <xs:attribute name="aadInstance" type="xs:string" default="https://login.microsoftonline.com/{0}" />
            <!-- Tenant is the DNS section of the App ID URI in Azure Portal. Required for single tenant usage -->
            <xs:attribute name="tenant" type="xs:string" />
          </xs:complexType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>


Note:

Make sure to add the section definition to the configuration file's <configSections> element:

<section name="azureActiveDirectory" type="DigiEyeZ.Framework.WebLibrary.Configuration.AzureActiveDirectorySection" />


Configuration examples

Media Manager with single tenant login

<azureActiveDirectory>
  <client enabled="true" clientId="26667631-53d0-41e5-917c-6ecd05a48820" tenant="mytenantid.onmicrosoft.com" />
</azureActiveDirectory>
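The following added example (not part of Media Manager or the DAM Center) checks a configured section against the constraints of the schema above: a boolean enabled flag, a GUID clientId, an aadInstance that keeps the {0} tenant slot, and a tenant when single-tenant login is intended. It also builds the resulting login authority URL; the https requirement on aadInstance is an added hardening check, not a schema rule.

```python
import re
import xml.etree.ElementTree as ET

# GUID pattern copied from the schema's "Guid" simpleType (bare or brace-wrapped).
_G = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
GUID_RE = re.compile(r"^(?:" + _G + r"|\{" + _G + r"\})$")
DEFAULT_AAD_INSTANCE = "https://login.microsoftonline.com/{0}"  # schema default


def validate_aad_section(xml_text, single_tenant=True):
    """Check one <azureActiveDirectory> section against the schema's constraints.
    Returns (errors, authority): the list of problems, and the login authority URL
    built by substituting the tenant into aadInstance (None on error or no tenant)."""
    errors = []
    root = ET.fromstring(xml_text)
    client = root.find("client") if root.tag == "azureActiveDirectory" else None
    if client is None:
        return ["expected <azureActiveDirectory><client .../></azureActiveDirectory>"], None

    # enabled: xs:boolean, required
    if client.get("enabled") not in ("true", "false", "1", "0"):
        errors.append(f"enabled must be a boolean, got {client.get('enabled')!r}")

    # clientId: required GUID (the Application ID shown in the Azure portal)
    client_id = client.get("clientId")
    if client_id is None or not GUID_RE.match(client_id):
        errors.append(f"clientId must be a GUID, got {client_id!r}")

    # aadInstance: optional, defaults per schema; must keep the {0} tenant slot.
    # The https check is an added hardening check, not a schema rule.
    aad_instance = client.get("aadInstance", DEFAULT_AAD_INSTANCE)
    if "{0}" not in aad_instance:
        errors.append("aadInstance lacks the {0} tenant placeholder")
    if not aad_instance.startswith("https://"):
        errors.append("aadInstance must be an https URL")

    # tenant: required for single-tenant use; it pins sign-in to one directory
    tenant = client.get("tenant")
    if single_tenant and not tenant:
        errors.append("tenant is required for single-tenant login")

    authority = aad_instance.replace("{0}", tenant) if not errors and tenant else None
    return errors, authority


# Constructed inputs: the page's single-tenant example, and a deliberately broken one.
GOOD = ('<azureActiveDirectory><client enabled="true" '
        'clientId="26667631-53d0-41e5-917c-6ecd05a48820" '
        'tenant="mytenantid.onmicrosoft.com" /></azureActiveDirectory>')
BAD = ('<azureActiveDirectory><client enabled="yes" clientId="not-a-guid" '
       'aadInstance="http://login.example/{0}" /></azureActiveDirectory>')
```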


How to invite an Azure user to the application

In the Azure Active Directory section of the Portal, select "Enterprise applications"→"All applications" and select your application from the list. Then select "Users and groups" and click "Add". Click "Users (none selected)" and press the "Invite" button.