To use Federated Authentication with Media Manager, some configuration is required. It is now enough to just add SSO configuration in the DAM Center web.config which will then be inherited to the LoginService - there is one exception to this which is for Azure Active Directory where it is required to add something to the loginservice web.config as described in 5.4.
5.1 Prerequisites
One of the Federated Authentication options should be configured for the Digizuite™ DAM Center. Follow setup guides there for the prefered authentication mechanism.
5.2 Configure MM for Federated Authentication
Open the web.config file for MM in a text editor like Notepad++.
Two values need up be updated, and a third might need to be changed, depending on requirements.
In <appSettings>, change LoginServiceUrl's value to "#{DC_URL}/LoginService", e.g. "https://dam.digizuite.com/LoginService".
Change UseFederatedAuthentication to "true" instead of "false".
If you open MM now, you should automatically hit the selected federated authentication you configured for DC.
5.3 Additional configuration options
If you want to use both normal DAM login and Federated Authentication, set AllowNormalLogin to "true" instead of "false".
This will cause MM to open like normal, but add a special button to the login dialog to login with SSO.
Important
If you set your MM5 to use AD, then it should still have the "UseFederatedAuthentication" be true
But, you must not have "AllowNormalLogin" be true. If you fail do do this, then people will be redirected into the MM5 without being prompted.
Also, you should not have "Windows authentication" enabled for the MM5, as this will result in the end user being prompted by two AD login prompts, instead of one.
5.4 Azure Active Directory in LoginService
In case you are using Azure Active Directory, it is required to add the following to the Webconfig which is placed in the LoginService folder in DAM Center web folder.
Important is to try with an empty string in redirectUri or otherwise use 'https://dam.digizuite.com/LoginService/' (important with backslash at the end)