Single Sign-On (SSO) is a user authentication process that allows your users to sign in to multiple applications using the same set of login credentials. This allows ease of use for the end users and ease of management for administrators. VIDIZMO offers the most flexible options for you to integrate with a wide range of single sign-on authentication providers, including:
- Directory services such as Azure AD, Azure Directory Federation Service etc.
- Identity Access Management (IAM) services such as Okta, OneLogin, Ping, Centrify, ForgeRock, etc.
- Third-party login services such as Facebook, Google, Office 365, Twitter, LinkedIn, etc.
With an app model integration for SSO, VIDIZMO makes the integration as easy as enabling or disabling your identity provider from within the platform administrator interface in minutes. Enterprises using ADFS as their identity provider can use the SSO option with VIDIZMO, allowing users to sign in using the same set of credentials.
For more information about VIDIZMO SSO Apps, read Understanding Single Sign-On.
Before you start
- To configure ADFS SSO with VIDIZMO, you must have an ADFS server's administrator account so that you can create an Application Group for authorization.
- If SSO Apps other than ADFS SSO have also been configured and enabled on your Portal, your users will see multiple buttons on the login page, allowing them to choose the identity provider they want to use to log in to their VIDIZMO Portal.
- VIDIZMO requires your ADFS authorization server to expose a list of scopes to map attributes and provide user authentication. These scopes include:
  - Profile (The user's First Name and Last Name are exposed and mapped in your VIDIZMO account in this Scope)
  - Email (The user's Email Address is exposed and mapped in your VIDIZMO account in this Scope)
  - Openid (this is required to indicate that the application intends to use OIDC to verify the user's identity)
- Managers and Administrators of the Portal can configure and enable SSO options in VIDIZMO.
- If your portal is using HTTPS protocol, make sure your ADFS authentication server is also using HTTPS.
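A pre-flight check for the prerequisites above, added here as an example (not VIDIZMO's or Microsoft's code): it takes the OpenID Connect metadata that AD FS publishes at /adfs/.well-known/openid-configuration, already parsed into a dict, and confirms the three scopes, the HTTPS requirement, and the redirect URI registered in the AD FS steps of this article. The function and constant names, the sample metadata and the host adfs.example.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}   # scopes listed in this article
CALLBACK_PATH = "/sso/signin-adfs"                 # redirect path from this article
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def preflight(metadata, portal_url, redirect_uri):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    portal = urlsplit(portal_url)
    redirect = urlsplit(redirect_uri)

    # 1. Scope values are case-sensitive and lowercase in the metadata.
    missing = REQUIRED_SCOPES - set(metadata.get("scopes_supported", []))
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))

    # 2. An HTTPS portal needs every AD FS endpoint on HTTPS as well.
    if portal.scheme == "https":
        for key in ENDPOINT_KEYS:
            value = metadata.get(key)
            if value is None:
                problems.append(f"{key} absent from metadata")
            elif urlsplit(value).scheme != "https":
                problems.append(f"{key} is not HTTPS: {value}")

    # 3. The redirect URI registered in AD FS must be the portal callback.
    if (redirect.scheme, redirect.netloc.lower()) != (portal.scheme, portal.netloc.lower()):
        problems.append("redirect URI is not on the portal origin")
    if redirect.path != CALLBACK_PATH or redirect.query or redirect.fragment:
        problems.append(f"redirect URI path must be exactly {CALLBACK_PATH}")
    return problems

# Constructed sample metadata; adfs.example.com is a placeholder host.
SAMPLE_METADATA = {
    "issuer": "https://adfs.example.com/adfs",
    "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.com/adfs/discovery/keys",
    "scopes_supported": ["openid", "profile", "email", "allatclaims"],
}

if __name__ == "__main__":
    result = preflight(SAMPLE_METADATA, "https://portaldomain.com",
                       "https://portaldomain.com/sso/signin-adfs")
    print("\n".join(result) if result else "all checks passed")
```

To run it against a live server, load the JSON from your own AD FS metadata URL and pass the resulting dict in place of `SAMPLE_METADATA`.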
Configuration in ADFS
1. In AD FS Management, right-click on Application Groups and select Add Application Group.
2. On the Application Group Wizard, for the name enter ADFSSSO and under Client-Server applications select the Web browser accessing a web application template. Click Next.
3. Copy the Client Identifier value. It will be used later as the value for ida:ClientId in the VIDIZMO Configuration.
4. Enter the following for Redirect URI: https://portaldomain.com/sso/signin-adfs. Click Add. Click Next.
5. On the Choose Access Control Policy screen, click Next.
6. On the Summary screen, click Next and then click Close.
7. In AD FS Management, click on Application Groups, right-click on the ADFSSSO application and click Properties.
8. Select and edit the ADFSSSO - Web application.
9. Select the Issuance Transform Rules tab and add a new rule.
10. The Add Transform Claim Rule Wizard will open. On the Choose Rule Type screen, select Send LDAP Attributes as Claims as the Claim Rule template from the drop-down list. Click Next to proceed.
11. You will move on to the Configure Claim Rule screen:
i. Enter Claim rule name.
ii. Select Active Directory as the Attribute store from the dropdown list.
iii. Start mapping LDAP attributes to outgoing claim types.
The LDAP Attribute column shows the claims available from Active Directory, and the Outgoing Claim Type column shows the claim types that will be sent to VIDIZMO.
Once all the LDAP Attributes to outgoing claim types are added, click Finish.
The Claim Rule is successfully added:
i. Click on Apply to save changes.
ii. Click OK to close the screen.
Configuration in VIDIZMO
Go to SSO Apps
1. After logging into your portal, from your homepage:
iii. Click on the Settings tab and you'll be directed to the Portal Settings page.
2. On the Portal Settings page, expand Apps and select Single Sign-On.
i. Click on the settings icon against ADFS SSO to configure its app in the portal.
Set up ADFS SSO Client
1. From the ADFS Settings screen:
i. Enter the name you gave to your application as Client ID while setting it up in ADFS.
iii. The Meta Address URL is the portal's URL.
iv. Click on Save Changes to proceed.
2. After saving changes, you will be back on the SSO Apps page, from where you can complete the process:
i. Toggle the button against ADFS SSO to enable it on your portal.
Sign in using ADFS SSO
Sign out from your existing account and navigate back to the Login page, where you will see an option to sign in using ADFS SSO.