Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Login to the Microsoft Azure Management console: https://manage.windowsazure.com

  2. Add a new application under the Active Directory tab.
  3. In order to complete the single sign-on fields:
    1. AP ID URI:
      1. Cloud Customers should use https://app.frevvo.com:443/frevvo/web/alias/{t} - replace {t} with the tenant id of your frevvo Azure SAML tenant.

      2. On-premise customers should use http://<server>:<port>/frevvo/web/alias/{t} - replace <server> with the ip of your server, <port> with the port number (if applicable) and t with your frevvo Azure SAML tenant id.

    2. REPLY URL:
      1. Cloud Customers should use https://app.frevvo.com:443/frevvo/web/saml/SSO/alias/{t} - replace {t} with the tenant id of your frevvo Azure SAML tenant.

      2. On-premise customers should use http://<server>:<port>/frevvo/web/saml/SSO/alias/{t} - replace <server> with the ip of your server, <port> with the port number (if applicable) and t with your frevvo Azure SAML tenant id.

    3. SIGN-ON URL
      1. Cloud Customers should use https://app.frevvo.com:443/frevvo/web/tn/{t}/login - replace {t} with the tenant id of your frevvo Azure SAML tenant.

      2. On-premise customers should use http://<server>:<port>/frevvo/web/tn/{t}/login - replace <server> with the ip of your server, <port> with the port number (if applicable) and t with your frevvo Azure SAML tenant id.

    Excerpt
    hiddentrue
    Be sure to set up the application permissions to allow the graph API to read the directory in order to retrieve users and groups.

    You will need the Azure tenant ID, the client id and client secret key that are created for the frevvo application when configuring your

    Frevvoproduct
    Azure SAML tenant.

    1. One way to restrict access to
      Frevvoproduct
      for specific Azure AD users only, is to:
    • Make sure the USER ASSIGNMENT REQUIRED TO ACCESS APP is set to YES
    • Add users to the application under the USERS tab.
    1. Groups listed under the GROUPS tab in Active Directory map to
      Frevvoproduct
      roles. Refer to Prerequisites for more information.

     

    Expand
    titleClick here for some more tips.

    You must be in the Azure classic portal view to see the screens shown below:

    1. Be sure to set up the application permissions to allow the graph API to read the directory in order to retrieve users and groups.



    2. You will need the Azure tenant ID, and the client id and client secret key that are created for the frevvo application when configuring your

      Frevvoproduct
      Azure SAML tenant.

      1. The client id is displayed on the Configure screen of the application for
        Frevvoproduct
        in Azure. An example is shown in the image:
      2. The tenant id for application that you created in Azure for
        Frevvoproduct
        can be obtained by viewing the endpoint Urls listed when you click View Endpoints icon at the bottom of the page. See the example in the image:

      3. There is only one chance to retrieve the client secret key when you create the application for
        Frevvoproduct
        in Azure. In the keys section on the CONFIGURE screen, select an option for the application duration. Click the SAVE icon on the bottom menu to display the client secret key. Copy the key and save it so you have it available when you create your Azure SAML tenant in
        Frevvoproduct
        .



      4. One way to restrict access to
        Frevvoproduct
        for specific Azure AD users only, is to:
      • Make sure the USER ASSIGNMENT REQUIRED TO ACCESS APP is set to YES
      • Add users to the application under the USERS tab.
      1. Groups listed under the GROUPS tab in Active Directory map to
        Frevvoproduct
        roles. Refer to Prerequisites for more information.

...