Azure Active Directory SSO

Azure portal configuration

Reference: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial

Make sure you have a role with permission to add or manage applications in Azure AD, such as Application Administrator.


Configure your Azure application’s Single sign-on via SAML



Configure SAML with the following information. You may change the server name (www.ryarc.net) accordingly.



Expose roles as Claims



Add User/Group into your application in Azure

Add the users to the whitelist.



CMService configuration

CMService Role matching

Based on the roles returned from Azure AD, we create roles with the same names in CMService and assign them different permissions. For example, ‘VPN-Users’ from Active Directory will automatically be granted the CMService role ‘VPN-Users’.



MetaData XML

Download the Metadata XML from the link in the last screenshot and copy it into the folder “C:\Program Files (x86)\Ryarc CampaignManager 7\Ryarc CM Service\CMService\App_Data”.

Rename the XML file to ‘SSO-xxxx.xxx.xml’, where ‘xxxx.xxx’ is the corporate email suffix.



CMService web.config setting

Add a key-value pair under AppSettings in the CMService web.config.

The key name should be ‘SSO-xxxx.xxx’, where ‘xxxx.xxx’ is the corporate email suffix, so it is the same as the filename of the XML. The value is the Azure AD identifier as shown in the last screenshot.
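A consistency check for the two steps above (the metadata file in App_Data and the matching web.config key), added here as an example and not part of Ryarc's tooling. The function name Test-CmSsoConfig, the example.com and example.org suffixes and the all-zero identifier are constructed placeholders; it assumes the Azure AD identifier is the entityID attribute of the downloaded metadata and that web.config uses the standard appSettings section.

```powershell
# Added example: cross-check each SSO-* appSetting against its metadata file.
function Test-CmSsoConfig {
    param(
        [Parameter(Mandatory)] [string] $WebConfigPath,
        [Parameter(Mandatory)] [string] $AppDataPath
    )
    [xml] $config = Get-Content -LiteralPath $WebConfigPath -Raw
    # Assumption: web.config uses the standard, un-namespaced <appSettings> section.
    foreach ($s in $config.SelectNodes('//appSettings/add[starts-with(@key, "SSO-")]')) {
        $key        = $s.GetAttribute('key')
        $configured = $s.GetAttribute('value')
        $metaFile   = Join-Path $AppDataPath "$key.xml"   # SSO-xxxx.xxx.xml
        $entityId   = $null
        if (Test-Path -LiteralPath $metaFile) {
            [xml] $meta = Get-Content -LiteralPath $metaFile -Raw
            # SAML metadata carries the IdP identifier in the root element's entityID.
            $entityId = $meta.DocumentElement.GetAttribute('entityID')
        }
        if ($null -eq $entityId) {
            $status = 'Metadata file missing'
        } elseif ($entityId -cne $configured) {   # case-sensitive comparison
            $status = 'Identifier mismatch'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Key = $key; Configured = $configured; EntityId = $entityId; Status = $status }
    }
}

# Constructed sample input: a temp folder standing in for the CMService directory.
$root = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'App_Data') | Out-Null
$id = 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/'   # placeholder
@"
<configuration><appSettings>
  <add key="SSO-example.com" value="$id" />
  <add key="SSO-example.org" value="$id" />
</appSettings></configuration>
"@ | Set-Content (Join-Path $root 'web.config')
"<EntityDescriptor xmlns='urn:oasis:names:tc:SAML:2.0:metadata' entityID='$id' />" |
    Set-Content (Join-Path $root 'App_Data\SSO-example.com.xml')

# SSO-example.com reports OK; SSO-example.org has no metadata file and is flagged.
Test-CmSsoConfig -WebConfigPath (Join-Path $root 'web.config') -AppDataPath (Join-Path $root 'App_Data') |
    Format-Table Key, Status
Remove-Item -Recurse -Force $root
```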



Domain setting

Log in to Realm and configure the domain to use Azure AD with its identifier. This is the value of the key just added in web.config.



Test

Log in using your company’s email address.



If you are entitled to access the CMService, you will be signed in with your corresponding user and role in CMService.