You can now connect your content calendar Kordiam with Azure AD.
Please note: Microsoft announced it will have renamed "Azure AD" to "MS Entra ID" by the end of 2023.
How to Set Up Single Sign-On with Azure AD for Kordiam?
Pre-Conditions
- Your company needs to be both an Azure AD user and a Kordiam customer.
- Your Kordiam subscription must include access to the SAML security features. You get access to these features by purchasing the Support & Security Package. If you are a large enterprise customer this will likely be included in your package.
As a result you need to be eligible to access the Security page in Kordiam.
Please contact Kordiam Sales if you are interested in this feature, but don't have access to it.
Setting up the Connection
Follow these steps in Azure Portal (you need to have admin rights for this):
- Log in to the Azure Portal and navigate to the Azure Active Directory.
- Click on "App registrations" and then click "Endpoint".
- Look for the "Federation metadata document" endpoint in the list of endpoints. The URL for this endpoint should look like this example: "https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml".
[Note that the URL contains "{tenant-id}", a placeholder for the unique identifier (tenant ID) of each organization in Azure AD. Every organization has its own tenant ID, and "{tenant-id}" in the link must be replaced with that specific value for it to work properly.]
- Copy the URL for the WS-Federation sign-on endpoint.
Once you have done this, switch over to Kordiam for the easy setup:
- Access the Security page in Kordiam.
- In the Azure AD section enter the following data:
  - Domain name (e.g. "acme-publishing"): It must be unique to avoid duplication. Users have to enter the domain name on the login page when they establish the connection via Azure AD for the first time.
  - Metadata URL (the URL for the WS-Federation sign-on endpoint which you copied a few steps earlier)
- Test the connection by clicking on Test Connection.
- Click Save at the bottom of the page and you are all done.
Note: Two different SSO options, such as ADFS and Azure AD (MS Entra ID), can easily be used simultaneously.
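The following pre-flight check is an added example, not code from Kordiam or Microsoft. It shows how an administrator could verify the metadata URL before saving it on the Security page: the placeholder has been replaced, the URL is HTTPS on the expected host, and the sign-on endpoint published in the metadata belongs to the same tenant. It assumes the tenant ID is a GUID and the host is the one in the example URL above; the function names, the sample tenant ID and the trimmed metadata document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumptions: host as in the article's example URL; tenant ID is a GUID.
HOST = "login.microsoftonline.com"
PATH_RE = re.compile(r"^/([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
                     r"/federationmetadata/2007-06/federationmetadata\.xml$", re.I)
NS = {"fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}

def tenant_from_metadata_url(url):
    """Return the tenant ID, or raise ValueError if the URL should not be saved."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or parts.hostname != HOST:
        raise ValueError("metadata URL must be https://%s/..." % HOST)
    match = PATH_RE.match(parts.path)
    if not match:
        raise ValueError("tenant placeholder not replaced or path misspelled")
    return match.group(1).lower()

def wsfed_signon_endpoint(metadata_xml, tenant_id):
    """Return the WS-Federation sign-on address after tying it to the tenant."""
    root = ET.fromstring(metadata_xml)
    if tenant_id not in root.get("entityID", "").lower():
        raise ValueError("entityID belongs to a different tenant")
    addr = root.findtext(
        ".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address",
        default="", namespaces=NS).strip()
    parts = urlsplit(addr)
    if (parts.scheme, parts.hostname) != ("https", HOST) or tenant_id not in parts.path.lower():
        raise ValueError("sign-on endpoint is not on the expected host/tenant")
    return addr

# Constructed sample: made-up tenant ID and a heavily trimmed metadata document.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_URL = ("https://login.microsoftonline.com/" + SAMPLE_TENANT
              + "/federationmetadata/2007-06/federationmetadata.xml")
SAMPLE_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    entityID="https://sts.windows.net/11111111-2222-3333-4444-555555555555/">
  <RoleDescriptor><fed:PassiveRequestorEndpoint><wsa:EndpointReference>
    <wsa:Address>https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/wsfed</wsa:Address>
  </wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(wsfed_signon_endpoint(SAMPLE_XML, tenant_from_metadata_url(SAMPLE_URL)))
```

When the metadata document is fetched over the network rather than embedded, parse it with a hardened XML parser such as defusedxml.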
How Users Can Use the Single Sign-On
For the first login after the Azure AD connection has been set up, users access Kordiam via the usual login page.
On that page they find an Azure AD button. They are then prompted to enter the domain name that was specified for Azure AD on the Security Settings page of the Kordiam account.
Errors
Please check the special page with a list of potential SAML error messages.