Configuring SAML in Azure Active Directory Account

This article provides administrators with steps to configure SAML in your organization's Azure Active Directory (AD) account and to set up Ingeniux CMS with SAML authentication.


Description

With Security Assertion Markup Language (SAML), you can authenticate users when they log in to Ingeniux CMS.

Step-by-Step

To configure SAML in your organization's Azure Active Directory (AD) account and to set up Ingeniux CMS with SAML authentication:

  1. Log in to your Azure AD Account, and navigate to Enterprise applications in the Manage list.

    Enterprise Applications

  2. Select New application.

    New Application

  3. Choose Create your own application.

    Create Your Application

  4. Enter a friendly name for your application, and select Integrate any other application you don’t find in the gallery (Non-gallery).

    Integrate any Other App not in Gallery (i.e., Non-gallery)

  5. Click Create at the bottom of the pane.

    Click the Create Button

  6. Select Single Sign-on from the Manage list, and then select SAML to open the Basic SAML Configuration settings.

    SSO then SAML

  7. Click Edit (pencil icon) in the Basic SAML Configuration area.

    Click Edit

  8. Enter the Identifier (Entity ID).
    Note

    This value is your CMS URL.

  9. Enter the Reply URL (Assertion Consumer Service URL).
    Note

    This value is your CMS URL appended with /SAML/AssertionConsumerService.

  10. Enter the Sign on URL.
    Note

    This value should match the Reply URL (Assertion Consumer Service URL) in the step above.

    Enter Sign on URL

  11. Click Save at the top of the Basic SAML Configuration area.
  12. Navigate to the SAML Signing Certificate.
  13. Download Certificate (Raw).
    Note

    You will need to deploy this certificate to the Ingeniux CMS server.

    Certificate (RAW)

  14. Copy the Azure AD Identifier URL and Login URL.
    Note

    These URLs will be used to populate saml.config in the Ingeniux CMS.

    Azure AD ID URL and Login URL

  15. Optional: Navigate to Users and groups in the Add Assignment area. Here, you can define your organization's users who are authorized to interact with Ingeniux CMS.

    Users Authorized to Interact with Ingeniux CMS

  16. Log in to the Ingeniux CMS Server.
  17. Open the saml.config file in a text editor.
  18. In saml.config, update the following values:
    • Name: The EntityID defined in Step 8 (i.e., the value of Identifier (Entity ID)).
    • AssertionConsumerServiceURL: The value defined in Step 9 (i.e., the value of Reply URL (Assertion Consumer Service URL)).
    • PartnerIdentityProviderName: The value defined in Step 14 (i.e., the value of Azure AD Identifier).
    • PartnerCertificateFile: The certificate you downloaded in Step 13 (i.e., Certificate (Raw)).
    • SingleSignOnServiceURL: The value defined in Step 14 (i.e., the Login URL).

    saml.config File

  19. Save changes to saml.config.
  20. Open the local-membership.config file in a text editor.
  21. In local-membership.config, add a SAML Provider.
    Note

    The idpPartner is the Azure AD Identifier URL provided in Step 14.

    local-membership.config File

  22. Save changes to local-membership.config.
  23. Recycle the Ingeniux CMS Application Pool.
  24. Navigate to the Ingeniux CMS login screen. Select the new Membership Provider in the drop-down list created in Step 18.

    Ingeniux CMS Login
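
Before recycling the application pool, the values gathered in Steps 8 to 21 can be checked for consistency. The script below is an added example, not Ingeniux or Microsoft code. The dictionary keys SignOnURL and idpPartner, the sample host name and tenant ID, and the Azure global-cloud URL shapes are assumptions.

```python
import re
from urllib.parse import urlsplit

ACS_PATH = "/SAML/AssertionConsumerService"  # suffix given in Step 9
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Assumed URL shapes (Azure global cloud) for the two values copied in Step 14.
IDP_ID_RE = re.compile(rf"^https://sts\.windows\.net/({GUID})/$")
LOGIN_RE = re.compile(rf"^https://login\.microsoftonline\.com/({GUID})/saml2$")

def check_saml_values(v):
    """Return a list of problems in the values collected in Steps 8-21."""
    problems = []
    for key in ("Name", "AssertionConsumerServiceURL", "SingleSignOnServiceURL"):
        if urlsplit(v[key]).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # Step 9: Reply URL is the CMS URL with the fixed path appended.
    if v["AssertionConsumerServiceURL"] != v["Name"].rstrip("/") + ACS_PATH:
        problems.append("AssertionConsumerServiceURL is not Name + " + ACS_PATH)
    # Step 10: Sign on URL should match the Reply URL.
    if v["SignOnURL"] != v["AssertionConsumerServiceURL"]:
        problems.append("SignOnURL differs from AssertionConsumerServiceURL")
    idp = IDP_ID_RE.match(v["PartnerIdentityProviderName"])
    login = LOGIN_RE.match(v["SingleSignOnServiceURL"])
    if not idp:
        problems.append("PartnerIdentityProviderName is not of the form "
                        "https://sts.windows.net/<tenant-id>/ (trailing slash included)")
    if not login:
        problems.append("SingleSignOnServiceURL is not of the form "
                        "https://login.microsoftonline.com/<tenant-id>/saml2")
    # Both Step 14 values must belong to the same tenant.
    if idp and login and idp.group(1).lower() != login.group(1).lower():
        problems.append("tenant ID differs between Azure AD Identifier and Login URL")
    # Step 21 note: idpPartner is the Azure AD Identifier, character for character.
    if v["idpPartner"] != v["PartnerIdentityProviderName"]:
        problems.append("idpPartner does not equal PartnerIdentityProviderName")
    return problems

# Constructed sample values; the tenant ID and host name are placeholders.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = {
    "Name": "https://cms.example.com",
    "AssertionConsumerServiceURL": "https://cms.example.com/SAML/AssertionConsumerService",
    "SignOnURL": "https://cms.example.com/SAML/AssertionConsumerService",
    "PartnerIdentityProviderName": f"https://sts.windows.net/{TENANT}/",
    "SingleSignOnServiceURL": f"https://login.microsoftonline.com/{TENANT}/saml2",
    "idpPartner": f"https://sts.windows.net/{TENANT}/",
}

if __name__ == "__main__":
    print(check_saml_values(SAMPLE) or "all checks passed")
```

An empty result means the collected values agree with each other; it does not confirm that the certificate from Step 13 is the one currently active in Azure AD.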

  • PRODUCT: CMS
  • VERSION: CMS 10
  • RELEASE: 10.x
  • Published: February 23, 2022
  • LAST UPDATED: September 19, 2023