Microsoft Entra ID
- Communicate your tenant ID to devteam@icfm.ch
- We will configure your tenant in Campos accordingly and communicate back the admin consent link, in the form of:
  https://login.microsoftonline.com/{your tenant ID}/adminconsent?client_id={Campos client ID}
  For more information, see https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#construct-the-url-for-granting-tenant-wide-admin-consent
- After granting tenant-wide admin consent (permissions profile and User.Read and claims email, given_name and family_name are requested), the SSO configuration is finished.
OpenID Connect
Contact devteam@icfm.ch to schedule a short Microsoft Teams meeting to set up SSO.
The following claims are required:
- sub
- given_name
- family_name
It is recommended to use a stable ID for the sub claim that never changes (like a GUID) and to avoid unstable attributes like the email address (which may change on marriage).
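A pre-flight check for the claim requirements above, added here as an example and not part of Campos or of the original article. It assumes the ID token's signature, issuer and audience have already been validated; the function names, the list of mutable claims and the sample values are constructed for illustration.

```python
import re
import uuid

REQUIRED_CLAIMS = ("sub", "given_name", "family_name")  # as listed above
# Claims that usually carry identifiers which can change (assumption).
MUTABLE_CLAIMS = ("email", "preferred_username", "upn")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_claims(claims):
    """Return findings for an already signature-verified claim set."""
    findings = []
    for name in REQUIRED_CLAIMS:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            findings.append(f"missing or empty required claim: {name}")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub.strip():
        return findings  # nothing further to say about an absent sub
    if EMAIL_RE.match(sub):
        findings.append("sub looks like an email address (unstable)")
    for name in MUTABLE_CLAIMS:
        other = claims.get(name)
        if isinstance(other, str) and other.lower() == sub.lower():
            findings.append(f"sub equals the {name} claim (unstable)")
    return findings


def is_guid(value):
    """True when value parses as a GUID, the stable form suggested above.
    Informational only: other opaque, immutable identifiers are also fine."""
    try:
        uuid.UUID(value)
        return True
    except (ValueError, AttributeError, TypeError):
        return False


# Constructed sample claim sets, not taken from any real tenant.
GOOD = {"sub": "3f2b8c1e-9d4a-4e7b-8a6f-1c2d3e4f5a6b",
        "given_name": "Anna", "family_name": "Muster"}
BAD = {"sub": "anna.muster@example.org", "email": "Anna.Muster@example.org",
       "given_name": "Anna", "family_name": ""}

if __name__ == "__main__":
    for label, claims in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, "guid sub:", is_guid(claims.get("sub")))
        for finding in check_claims(claims):
            print("  -", finding)
```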
ADFS with SAML2
- Communicate the entityID (authority-URL) to devteam@icfm.ch
- We will add your identity provider and give you the URL for the SAML metadata XML. It will look like https://signin.campos.ch/saml2/{your auth scheme}
- Import the metadata XML
- Typical claim rules:
  - User-Principal-Name -> email
  - Given-Name -> given_name
  - Surname -> family_name
  - ObjectGUID -> Name ID
    - ObjectGUID is an ID that never changes
    - it is possible that the ObjectGUID is not in the drop down, just type it in