  1. Log onto frevvo as the superuser (on-premise) or the tenant admin (cloud).
  2. Access the Add Tenant (on-premise) or Edit Tenant (cloud) screen.
  3. Select Azure SAML Security Manager from the Security Manager Class dropdown.
  4. Copy the Service Provider (frevvo) metadata into the Service Provider field. You can include the XML prolog when you paste the Service Provider (frevvo) metadata.

  5. Copy the metadata from the Azure tenant IDP file previously created and paste it into the Identity Provider field.

  6. Enter the Federation Metadata Document URL that you used in Step 3 to generate the Azure IDP metadata, copied from Endpoints in your frevvo Azure application, into the URL field below the Identity Provider section. The URL is needed to handle signing key rollover in Azure Active Directory. This URL is polled every 3 hours to refresh the Azure IDP metadata. The new metadata is stored and automatically used as a backup in case the URL is not accessible.

    In this example, fece6b7e-fbc6-4b3a-8287-fc07c29aa2d2 is the tenant id in Azure Active Directory. It was obtained by viewing the endpoint URLs listed when you click Endpoints in your frevvo Azure application.

    [Code block: Example of Federation Metadata Document URL]
  7. Check the Ignore Case checkbox if you are using LDAP for authentication and you want to ignore the case stored in LDAP systems for users/roles. The field is checked by default. Refer to the Mixed or Upper case User Names topic for more information.

  8. Enter the User Id. This should be the User property name that identifies the user. Typical values are userPrincipalName, givenname, etc.

  9. Custom attributes can be mapped by typing the attribute names in the Custom field separated by a comma.
  10. Enter the following information in the API Access section.
    1. Enter the Azure tenant identifier into the tenant Id field. This can be obtained by viewing the endpoint URLs listed when you click View Endpoints in your frevvo Azure application.
    2. Enter the client id and client secret key that were created as part of registering the frevvo application into the respective fields.

  11. Configure a tenant admin account. This account does not require Azure SAML authentication. This tenant admin can log directly into frevvo, providing a default security manager backdoor.

    1. The tenant admin id, password and email fields are required.
    2. When this tenant admin performs a form-based login, i.e. /frevvo/web/login, the password entered on this screen is used for authentication. This is also the URL used by the API.
    3. If the tenant-based login URL is used, i.e. /frevvo/web/tn/{t}/login, then the Azure SAML login is used.

    The forgot password function works for an Azure SAML tenant admin user. For all others, it will display the error message about not being supported for the tenant.

  12. Configure the Business Calendar for your tenant. The escalation feature will use this calendar to calculate deadlines and send notification and reminder emails.
  13. Enter HTTP Auth credentials if required. Credentials for external secure web services accessed by the forms and flows in your tenant can be specified in this section.
  14. Click Submit.