Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleClick here for some more tips....


Info

Do not include the curly braces in the URLs discussed below.

  1. Login to the Microsoft Azure Management console: https://manage.windowsazure.com or https://portal.azure.com with your Azure global administrator account.
  2. Click on the Azure Active directory link on the left side of the screen.
  3. Click on the App Registrations link.
  4. Click on the New application registration link for creating a new application.
  5. Enter the following details:
    1. Name:- Name of your frevvo Azure application
    2. Select who can use this application or access this API
  6. Configure the Redirect URL:
    1. Cloud Customers should use https://app.frevvo.com:443/frevvo/web/saml/SSO/alias/{t} - replace {t} with name of your frevvo tenant.

      Info

      For example, if you were changing the Security Manager from the Default Security Manager to the Azure SAML Security Manager for a frevvo Cloud tenant named mycompany.com, the REPLY URL would be:

      https://app.frevvo.com:443/frevvo/web/saml/SSO/alias/mycompany.com 


    2. On-premise customers should use http://<server>:<port>/frevvo/web/saml/SSO/alias/{t} - replace <server> with the ip of your server, <port> with the port number (if applicable) and t with the name of your frevvo in-house tenant.

      Info

      For example, if you were changing the Security Manager from the Default Security Manager to the Azure SAML Security Manager for a frevvo in-house tenant named mycompany.com, the REPLY URL would be:

      https://<server:port>/frevvo/web/saml/SSO/alias/mycompany.com 


    3. Click Register.
  7. Select the frevvo application from the list.
  8. Click the Branding tab
  9. Configure the Home Page URL:
    1. Cloud Customers should use https://app.frevvo.com:443/frevvo/web/tn/{t}/login - replace {t} with the name of your frevvo Cloud tenant.

      Info

      For example, if you were changing the Security Manager from the Default Security Manager to the Azure SAML Security Manager for a frevvo Cloud tenant named mycompany.com, the SIGN-ON URL would be:

      https://app.frevvo.com:443/frevvo/web/tn/mycompany.com/login


    2. On-premise customers should use http://<server>:<port>/frevvo/web/tn/{t}/login - replace <server> with the ip of your server, <port> with the port number (if applicable) and t with the name of your frevvo in-house tenant.

      Info

      For example, if you were changing the Security Manager from the Default Security Manager to the Azure SAML Security Manager for a frevvo in-house tenant named mycompany.com, the SIGN-ON URL would be:

      https://<server:port>frevvo/web/tn/mycompany.com/login


    3. Click Save.
  10. Click on the API Permissions tab.
    1. Click Add a Permission.
    2. Select Azure Active Directory Graph from the Supported legacy APIs section.
    3. For Application Permissions, select Read and write directory data (under Directory).
    4. For Delegated Permissions, select Sign in and read user profile (under User) AND Read directory data under (under Directory).
    5. Click on the Grant Permissions button select "Yes" option  and click on the Save button.
  11. Click on the Expose an API tab.
    1. Configure the Application ID URI:
      1. Cloud Customers should use https://app.frevvo.com:443/frevvo/web/alias/{t} - replace {t} with the name of your frevvo Cloud tenant.

        Info

        For example, if you were changing the Security Manager from the Default Security Manager to the Azure SAML Security Manager for a frevvo Cloud tenant named mycompany.com,the AP ID URL would be:

        https://app.frevvo.com:443/frevvo/web/alias/mycompany.com 


      2. On-premise customers should use http://<server>:<port>/frevvo/web/alias/{t} - replace <server> with the ip of your server, <port> with the port number (if applicable) and {t} with the name of your frevvo in-house tenant.

        Info

        For example, if you were changing the Security Manager from the Default Security Manager to the Azure SAML Security Manager for a frevvo in-house tenant named mycompany.com, the AP ID URL would be:

        https://<server:port>/frevvo/web/alias/mycompany.com


      3. Click Save.

  12. Click the Certifiates & secrets tab.
    1. Generate the Client Secret. COPY/SAVE the VALUE in a notepad - you will need this for the frevvo tenant screen.  
      There is only one chance to retrieve the client secret key when you create the application for
      Frevvoproduct
      in Azure. Once you leave this screen the value will be hidden.
  13. Click the Overview tab.
    1. Copy the Application ID into your notepad. This is the value of the Client ID on the frevvo configuration screen.
    2. Copy the Directory ID into your notepad. This is the value of the Tenant ID on the frevvo configuration screen.
      Click Endpoints at the top of the screen. Copy the Federation Metadata Document URL from the list to your notepad. This is the URL that you will use to generate the Azure metadata

      Code Block
      titleExample of the Federation Metadata Document URL
      https://login.microsoftonline.com/3d532ac1-a43c-45c7-b0e9-cc814400ca11/federationmetadata/2007-06/federationmetadata.xml

       

  14. Proceed to Step 2 - Create the Live Forms metadata file
Warning

Just a reminder - you will need the Azure tenant ID, the client id and client secret for the frevvo application when configuring your

Frevvoproduct
Azure SAML tenant.


...

  1. Paste this tenant specific URL into your browser:
    1. Cloud Customers: https://app.frevvo.com:443/frevvo/web/tn/{t}/login - Replace {t} with the name of your Azure SAML tenant.

    2. On-premise Customers:http://<server>:<port>/frevvo/web/tn/{t}/login. Replace <server> and <port> with your server information and t with the name of your Azure SAML tenant.
    3. The user is redirected to the Azure login screen.



    4. If the user is authenticated,

      Frevvoproduct
       screens display depending on the level of authorization specified for the user. Designer users will see the Projects Home Page while non-designer users will be directed to their Task List. You will see this redirection when logging into a
      Frevvoproduct
      space as well.

     


Note
  • Clicking the logout link in
    Frevvoproduct
    , logs the user out from
    Frevvoproduct
    only.
  • When a user logs in to space, the logout link will not be visible in an Azure AD (SSO) tenant.
  • When a user logs in to
    Frevvoproduct
    (non-space mode), the logout link will be visible in an Azure AD (SSO) tenant.
  • Cloud customers browsing app.frevvo.com or in-house customers browsing  http://<servername>:<port>/frevvo/web/login attempting to log into an Azure tenant directly (user@saml tenant name) will automatically be redirected to the Azure IDP login page.

...

  1. Login to your Azure SAML tenant as the as the tenant admin.
  2. Click the Edit Tenant link
  3. Add the custom attributes to the Custom section as a comma separated list. The image shows the department and displayName attributes listed in the custom attribute section.



  4. Design your form/workflow with fields to collect the information.
  5. Write a business rule to populate the controls with the custom attribute information.

Section


 
Column
width50%



Column
width50%

Here is an example of a rule that will retrieve the custom attributes, department and displayName, plus the standard attributes, First Name, Last Name and Email address.

Code Block
languagejs
if (form.load) {
    FirstName.value = _data.getParameter('subject.first.name');
    LastName.value = _data.getParameter('subject.last.name');
    EMail.value = _data.getParameter('subject.email'); 
    department.value = _data.getParameter('subject.department');
    displayName.value = _data.getParameter('subject.displayName');
} 



...

At least one designer user that is going to be connecting forms/workflows to SharePoint with the Save to SharePoint wizard must also be a SharePoint user with the correct privileges to provide consent if your tenant is configured with the Azure SAML Security Manager .