...

  1. Paste this URL into your browser:

    1. Cloud Customers: https://app.frevvo.com:443/frevvo/web/saml/metadata/alias/{t} - replace {t} with the tenant id of your frevvo Azure SAML tenant (example: azuread).

    2. On-premise customers: http://<server>:<port>/frevvo/web/saml/metadata/alias/{t} - replace <server> with the IP of your server, <port> with the port number (if applicable) and {t} with your frevvo tenant id.

  2. When the metadata displays, right click and select the browser option to View the Page source. Save the page as an xml file.

  3. We will need to copy the entire metadata from this file to the Azure SAML Security Manager configuration screen.
  4. Metadata must be generated for each Azure SAML tenant. Each tenant will have a unique URL.

...

  1. Browse the Azure tenant (IdP) metadata at: https://login.microsoftonline.com/{azure-tenant-name}/FederationMetadata/2007-06/FederationMetadata.xml - replace {azure-tenant-name} with the id of your frevvo application in the Azure Active Directory. This can be obtained by viewing the endpoint URLs listed when you click Endpoints in your frevvo Azure application. In this example, fece6b7e-fbc6-4b3a-8287-fc07c29aa2d2 is the application id in Azure Active Directory.

     https://login.microsoftonline.com/fece6b7e-fbc6-4b3a-8287-fc07c29aa2d2/FederationMetadata/2007-06/FederationMetadata.xml
  2. Copy the source of the IdP metadata XML and save all the metadata returned as an xml file. We will need to copy the entire metadata from this file to the Azure SAML Security Manager configuration screen.
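
A sanity check for the two saved metadata files (the frevvo tenant metadata and the Azure federation metadata) before their contents are pasted into the Azure SAML Security Manager configuration screen. This is an added example, not part of the frevvo documentation; the function name and the sample document (host, port, entityID, endpoint path, certificate placeholder) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_metadata(xml_text):
    """Return entityID, roles, signing-cert count and non-HTTPS endpoints."""
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    roles, certs, insecure = [], 0, []
    for role in ("IDPSSODescriptor", "SPSSODescriptor"):
        for desc in root.findall("md:" + role, NS):
            roles.append(role)
            for kd in desc.findall("md:KeyDescriptor", NS):
                # A KeyDescriptor with no "use" attribute also covers signing.
                if kd.get("use", "signing") == "signing":
                    certs += len(kd.findall(".//ds:X509Certificate", NS))
            for child in desc:
                loc = child.get("Location")  # SSO/SLO/ACS endpoints carry Location
                if loc and not loc.lower().startswith("https://"):
                    insecure.append(loc)
    return {"entityID": root.get("entityID"), "roles": roles,
            "signing_certs": certs, "insecure_endpoints": insecure}

# Constructed sample: SP metadata as an on-premise tenant might return it.
# Host, port, entityID, endpoint path and certificate placeholder are made up.
SAMPLE_SP = """<md:EntityDescriptor entityID="azuread"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://forms.example.test:8082/frevvo/web/saml/SSO/alias/azuread"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_SP))
```

Run it against both saved files: a result with no signing certificate, an unexpected entityID, or an endpoint served over plain http is worth resolving before the tenant is configured.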

Step 4 - Create/edit the Azure SAML tenant

...

Note
  • Clicking the logout link in frevvo logs the user out from frevvo only.
  • When a user logs in to space, the logout link will not be visible in an Azure AD (SSO) tenant.
  • When a user logs in to frevvo (non-space mode), the logout link will be visible in an Azure AD (SSO) tenant.

Azure SAML Tenant backdoor admin user

Just a reminder that the tenant admin account can log in directly to Live Forms or use the Azure SAML login.

When you create a new tenant you are prompted to set up a tenant admin user id and password. This tenant admin does not authenticate via your Azure SAML IDP. It only exists in Live Forms. If you experience an issue with your Azure SAML configuration such that you can't log in as an Azure SAML authenticated user, this account provides a backdoor you can use to log in to your tenant as a tenant admin in order to fix your Azure SAML configuration issue. Only one backdoor tenant admin account is supported.

If your tenant originally used the Default Security Manager and then you changed to the Azure SAML Security Manager, this tenant admin account has already been set up. If you have forgotten the password, you can change it by:

  • Using the Live Forms Forgot Password? feature for the tenant admin account.
  • Logging in as an Azure SAML authenticated tenant admin and changing the password via Manage Users.

What if you do not remember the userid of your original tenant admin? Follow these steps:

  1. Log in as your authenticated Azure SAML tenant admin.
  2. Click Manage Users and click the edit admin icon.

Session Timeout

Session timeouts are configured in frevvo and in your Azure SAML IDP. If a user's session ends before the IDP timeout is reached, they will automatically be logged back into frevvo if they try to access it again. It is recommended that the frevvo session timeout and the IDP session timeout be configured for the same value.

...