I have written the following article before.
Configuring Single Sign-On with Azure AD (Office365) for Cloud-based Workflow
I think the setting procedure shown in this article was a little complex.
Now it is easier to configure it. It is because Questetra was allowed to be registered in the application gallery of Azure Active Directory (Azure AD) in late September.
In this article, I will summarize the setting procedure from the application gallery of Azure AD below.
Some images shown in this articles are quoted from
Tutorial: Azure Active Directory integration with Questetra BPM Suite.
Questetra BPM Suite has two types of Login URL as follows. In the case of old type URL, since being unable to pass the input check in the setting screen of Azure AD, you cannot set up from the application gallery. You need to set up by following the procedure of the past article mentioned at the top of this article.
– Old URL:https://xxx.questetra.net/xxx/
– New URL:https://xxx-xxx-xxx.questetra.net/
(Though it is same as the setting procedure introduced before,) you need to set up the following things at the Azure AD side in advance. Since the followings are general settings, not limited to Questetra, you can obtain more detailed information from web etc. if needed.
- As “Default Directory” cannot be utilized for SAML federation setting, it is required to add “Directory” in advance.
- In the case that you want to federate with user accounts which have own domain Email address, it is required to add “Domain” in advance. (Since Modifying settings of DNS server is required, you need cooperation with a domain administrator)
- It is required to register user accounts to the directory for federation in advance.
2. After selecting a target directory in the screen of Azure AD side, click “Applications” in the top menu.
6. Select “Azure AD Single Sign-On”, and then click “Next”.
7. Check “Show advanced settings”. From [SP Information] of Questetra in the different window (Step 1), Copy the [ACS URL], and then paste it into the [SIGN ON URL] and the [REPLY URL(OPTIONAL)]. Similarly, Copy the [Entity ID], and then paste it into the [ISSUER URL(OPTIONAL)]. Click “Next” after that.
8. Input each item of Azure AD into [IdP Setting] of Questetra, and then click “Save”. On the Azure AD side, click “Confirm that you have…” and then “Next”.
- Copy the [ISSUER URL(OPTIONAL)], and paste it into the [Entity ID]
- Copy the [Single Sign-On Service URL], and paste it into the [Sign-in page URL]
- Copy the [Single Sign-Out Service URL], and paste it into the [Sign-out page URL]
- Input “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress” into the NameID Format
- Copy the text data which created in the way shown below, and paste it into the [Verification certificate]
1. Download the certificate file from “Download certificate” on the Azure AD side.
2. Execute the downloaded file.
3. Click “Copy to File” in the “Details” tab of Certificate
4. Follow the Wizard
5. Select “Base 64 encoded X.509 (.CER)” and follow the wizard
6. Specify the name of the file and execute export
7. Open the exported file in the text editor, and copy it.
10. Now addition of application is completed. Then click “User”.
Set up is now complete.
I think the setting procedure has become easier than before.
Please practically use the federation setting with Azure AD.
|Prev article - 99. Miscellaneous||Website Redesigned|
|Next article - 99. Miscellaneous||Collaborating Various Web Service/Device with Cloud-based Workflow Easily|
|Another article - Kusaka Tsuyoshi||System Collaboration Examples (Ver. June, 2016)|