Azure-AD
To add CloudCheckr FinanceManager to your Azure AD applications:
- In your Azure portal, go to the Azure Active Directory service:
- In the sidebar, click Enterprise applications:
- Click the New application button:
- Click the Non-gallery application button:
- Enter a name for the new application and click the Add button.
- Click the Configure single sign-on (required) button:
- From the Single Sign-On Mode dropdown list, select SAML-based Sign-on:
- Enter the following details on this page:
Azure-AD setting Use value Identifier CloudCheckr FinanceManager Entity ID / Metadata URL endpoint Reply URL CloudCheckr FinanceManager Assertion Consumer Service endpoint Show advanced URL settings Checked Sign on URL Optional, you can enter URL for CloudCheckr FinanceManager interface Relay State Leave empty User Identifier Select user.mail - Click the Configure [your application name] button:
- A new pane will open with instructions. Navigate to the CloudCheckr FinanceManager SAML configuration (see configuration) and copy the following options from the pane in your Azure portal:
CloudCheckr FinanceManager SAML setting Use value Entity ID SAML Entity ID SSO URL SAML Single Sign-On Service URL SLO URL Sign-out URL X-509 certificate Download the certificate by clicking the SAML Signing Certificate - Base64 encoded link. Open the .cer file with a text editor and remove the text -----BEGIN CERTIFICATE-----
,-----END CERTIFICATE-----
and all line breaks so you end up with a single-line base64 encoded stringThe CloudCheckr FinanceManager configuration page could look something like this:
- Unfold the Advanced menu at the bottom of the screen, and paste the following JSON data:
{
"security": {
"wantXMLValidation": false
}
} - In CloudCheckr FinanceManager, click the Update button
- In the Azure Portal, click the Save button
- Enable Single Sign-On in CloudCheckr FinanceManager by navigating to Administration > Configuration and then clicking on the System tab.
- Make sure the Single Sign-On option is set to Enabled, and click the Update button:
SSO is now configured and enabled, and you can now use Azure AD to login to your CloudCheckr FinanceManager instance. The login screen will look something like this:
By clicking on the Login button, you’ll be taken to the Azure AD login screen. CloudCheckr FinanceManager will receive the Azure AD e-mail address and create a new user with a minimal set of permissions if no existing user is found.