Setup of OpenIDConnect (Entra or other IDP)

1a (If Azure Entra) Setup of IDP

(If another IDP is used, please refer to its documentation on how to set up OpenID Connect.)

Sign in to the Azure Entra Portal with an admin account.

Create a new App registration:

Give it a fitting name and select the correct account types.

As the redirect URI, insert the following (replace DAMURL with your DAM URL):
https://DAMURL/DigizuiteCore/LoginService/signin-oidc

If there are multiple DAM URLs, they need to be added as well (each with /DigizuiteCore/LoginService/signin-oidc appended).

It is important that these are the backend URLs, not the URLs for Media Manager, Office Connector, etc.

 

Go to Authentication and add ID token

Go to Certificates & secrets

Create a new client secret. Please copy the Value, as it is needed later on.

Go back to the Overview and copy the “Application (client) ID” and the “Directory (tenant) ID”.

Send the “Application (client) ID”, the “Directory (tenant) ID” and the Value of the client secret to Digizuite.

 

1b (If using a different IDP than Azure Entra)

Set up Redirect URL:

https://DAMURL/DigizuiteCore/LoginService/signin-oidc

If there are multiple DAM URLs, they need to be added as well (each with /DigizuiteCore/LoginService/signin-oidc appended).

It is important that these are the backend URLs, not the URLs for Media Manager, Office Connector, etc.

Send the following information to Digizuite:

Authority

Client ID

Client Secret

Name claim type - This is a unique username (could be email or sub)

 

2 Set up the SSO in the Media Manager

 

Log in to the Media Manager as a Super administrator.

Go to “Settings” - “General settings” - “SSO”

Select OpenIDConnect

Insert a Template member user ID. You can use the guest user (ID 30006) if you want low access, or you can create a template user that matches your needs.

Select the Sync level

Enter a name

Enter Authority (for Entra this is https://login.microsoftonline.com/“Directory (tenant) ID”/, e.g. https://login.microsoftonline.com/d555db3d-40a3-49c1-9222-231563730bdd/)

Enter Client ID (for Entra this is the “Application (client) ID”)

Enter Client secret

Enter Name claim type (leave as default if using Entra)

Now press Save and then Activate.

Once it says “Latest is active”, the SSO configuration is enabled.
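
A pre-flight check for the values collected in steps 1a and 2, as an added example that is not Digizuite's own code. The function names are hypothetical and dam.example.com is a constructed host. The secret check assumes the Entra portal layout, where the Secret ID is a GUID and the Value is not.

```python
import re
from urllib.parse import urlsplit

# Callback path from this page; each DAM backend URL is registered with it.
CALLBACK_PATH = "/DigizuiteCore/LoginService/signin-oidc"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def redirect_uri(dam_backend_url):
    """Build the redirect URI to register for one DAM backend URL (always https)."""
    if "://" not in dam_backend_url:
        dam_backend_url = "https://" + dam_backend_url
    return "https://" + urlsplit(dam_backend_url).netloc + CALLBACK_PATH


def check_redirect_uri(uri):
    """Return the problems found in a redirect URI registered at the IDP."""
    parts, problems = urlsplit(uri), []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.netloc or "*" in parts.netloc:
        problems.append("host is missing or a wildcard")
    if parts.path != CALLBACK_PATH:
        problems.append("path is not " + CALLBACK_PATH)
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    return problems


def check_entra_settings(authority, client_id, client_secret):
    """Return the problems found in the Entra values entered under Settings - SSO."""
    parts, problems = urlsplit(authority), []
    tenant = parts.path.strip("/")
    if parts.scheme != "https" or parts.netloc != "login.microsoftonline.com":
        problems.append("authority is not on https://login.microsoftonline.com/")
    if not GUID.match(tenant):
        problems.append("authority path is not a Directory (tenant) ID")
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID")
    elif client_id.lower() == tenant.lower():
        problems.append("client ID is the tenant ID")
    if GUID.match(client_secret):
        problems.append("client secret looks like the Secret ID, not the Value")
    return problems


if __name__ == "__main__":  # constructed sample host
    print(redirect_uri("dam.example.com"))
```

An empty list from either check means no problem was found; run check_redirect_uri once per registered DAM backend URL.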

 

Setup of Sync groups in the DAM

If you have selected FullSync or AddOnly as your Group sync level, you will need to set up your group binding in the DAM.

You will need to log in as a super administrator and go to:

System tools - Users and groups - Groups

Find the group you want to bind, enter the binding ID and select “Is binding group”:

 

Repeat this process for all the groups that should be synced.