Configuring Single Sign-On with Azure AD (Office365) for Cloud-based Workflow (as of October, 2015)

Now it is easier to configure Single Sign-On federation with Microsoft Office365 (Azure AD)!


I wrote the following article before:
Configuring Single Sign-On with Azure AD (Office365) for Cloud-based Workflow
I think the setting procedure shown in that article was a little complex.

Now it is easier to configure, because Questetra was registered in the application gallery of Azure Active Directory (Azure AD) in late September.

In this article, I summarize the setting procedure that starts from the application gallery of Azure AD.


A tutorial for the setting procedure is also available on the Microsoft Azure website. In addition to describing the SAML federation settings, it covers other parts of the setup, such as the procedure for adding a test user. It is a very helpful description.

Some images shown in this article are quoted from
Tutorial: Azure Active Directory integration with Questetra BPM Suite.

Note that there is the following limitation when you set up from the application gallery of Azure AD.
Questetra BPM Suite has two types of Login URL, shown below. With the old type of URL you cannot set up from the application gallery, because that URL does not pass the input check in the setting screen of Azure AD. In that case you need to set up by following the procedure in the past article mentioned at the top of this article.
– Old URL: https://xxx.questetra.net/xxx/
– New URL: https://xxx-xxx-xxx.questetra.net/

Setting Details

(Though this is the same as in the setting procedure introduced before,) you need to set up the following things on the Azure AD side in advance. Since these are general Azure AD settings, not limited to Questetra, you can find more detailed information on the web if needed.

  • As the “Default Directory” cannot be used for SAML federation settings, you need to add a “Directory” in advance.
  • If you want to federate with user accounts that have an email address in your own domain, you need to add the “Domain” in advance. (Since this requires modifying settings on the DNS server, you need the cooperation of the domain administrator.)
  • You need to register the user accounts to be federated in that directory in advance.

1. First, open the SAML federation settings screen on the Questetra side in a separate window in advance.
[System Settings]->[SSO(SAML)]->[Single Sign-On(SAML)]
[Screenshot: Single Sign-On (SAML) System settings - Questetra BPM Suite]

2. After selecting the target directory in the Azure AD screen, click “Applications” in the top menu.

3. Select “Add an application from the gallery.”
[Screenshot: AAD01cut]

4. Search for “Questetra” in the search box at the top right. Select “Questetra BPM Suite” from the results.
[Screenshot: AAD02cut]

5. The application has now been added. Next, click “Configure single sign-on”.
[Screenshot: AAD03cut]

6. Select “Azure AD Single Sign-On”, and then click “Next”.

[Screenshot: AAD04cut]

7. Check “Show advanced settings”. From [SP Information] of Questetra in the other window (Step 1), copy the [ACS URL] and paste it into both [SIGN ON URL] and [REPLY URL(OPTIONAL)]. Similarly, copy the [Entity ID] and paste it into [ISSUER URL(OPTIONAL)]. Then click “Next”.
[Screenshot: AAD06cut2]

8. Input each item from Azure AD into [IdP Setting] of Questetra, and then click “Save”. On the Azure AD side, check “Confirm that you have…” and then click “Next”.

  • Copy the [ISSUER URL(OPTIONAL)] and paste it into [Entity ID]
  • Copy the [Single Sign-On Service URL] and paste it into [Sign-in page URL]
  • Copy the [Single Sign-Out Service URL] and paste it into [Sign-out page URL]
  • Input “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress” into [NameID Format]
  • Copy the text data created in the way shown below, and paste it into [Verification certificate]

[Screenshot: AAD07cut]
[Screenshot: Single Sign-On (SAML) System settings_IdP]
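The values copied between the two screens in steps 7 and 8 have to match exactly, because the service provider compares every incoming SAML Response against them. As an added illustration (not code from the original article or from Questetra), the following Python script performs those comparisons on a constructed SAML Response: Destination against the ACS URL, Issuer against the IdP Entity ID, Audience against the SP Entity ID, and the NameID Format against the e-mail address format entered in step 8. All URLs, the tenant identifier and the sample message are hypothetical placeholders. Signature verification with the [Verification certificate] is the SP's job and is only checked for presence here.

```python
import xml.etree.ElementTree as ET

# XML namespaces used in SAML 2.0 responses (plus XML Signature).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Values taken from the two setting screens. All are constructed placeholders
# for a hypothetical tenant, not real identifiers.
SP_SETTINGS = {
    "acs_url": "https://example-corp-bpm.questetra.net/saml/acs",  # [ACS URL] from [SP Information]
    "entity_id": "https://example-corp-bpm.questetra.net/",        # [Entity ID] from [SP Information]
}
IDP_SETTINGS = {
    "entity_id": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",  # Azure AD [ISSUER URL]
    "nameid_format": EMAIL_NAMEID,                                                  # NameID Format from step 8
}


def check_response(xml_text, sp=SP_SETTINGS, idp=IDP_SETTINGS):
    """Return a list of mismatches between a SAML Response and the configured settings.

    An empty list means every checked field agrees with the configuration.
    """
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]

    # Destination must be the ACS URL pasted into Azure AD's SIGN ON / REPLY URL.
    if root.get("Destination") != sp["acs_url"]:
        problems.append("Destination %r does not match the ACS URL" % root.get("Destination"))

    # Issuer must be the Azure AD ISSUER URL entered as the IdP Entity ID.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != idp["entity_id"]:
        problems.append("Issuer %r does not match the IdP Entity ID" % issuer)

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("response carries no saml:Assertion")
        return problems

    # The SP verifies this signature with the [Verification certificate];
    # here we only check that a signature element is present.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")

    # Audience must be the SP Entity ID pasted into ISSUER URL(OPTIONAL) on the Azure side.
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", default="", namespaces=NS)
    if audience != sp["entity_id"]:
        problems.append("Audience %r does not match the SP Entity ID" % audience)

    # NameID must use the e-mail address format entered in step 8; otherwise the
    # SP cannot map the subject to a Questetra user account.
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    fmt = nameid.get("Format") if nameid is not None else None
    if fmt != idp["nameid_format"]:
        problems.append("NameID Format %r is not %s" % (fmt, idp["nameid_format"]))
    return problems


def sample_response(issuer=IDP_SETTINGS["entity_id"], nameid_format=EMAIL_NAMEID):
    """Build a minimal, constructed SAML Response for testing (not a real Azure AD message)."""
    return """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" Version="2.0" IssueInstant="2015-10-01T00:00:00Z"
    Destination="%(acs)s">
  <saml:Issuer>%(issuer)s</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-10-01T00:00:00Z">
    <saml:Issuer>%(issuer)s</saml:Issuer>
    <ds:Signature><ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID Format="%(fmt)s">alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>%(aud)s</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""" % {"acs": SP_SETTINGS["acs_url"], "issuer": issuer,
                        "fmt": nameid_format, "aud": SP_SETTINGS["entity_id"]}


if __name__ == "__main__":
    print("matching response:", check_response(sample_response()))
    print("mismatching response:", check_response(sample_response(
        issuer="https://sts.windows.net/other-tenant/",
        nameid_format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")))
```

When a login fails right after setup, running the actual response (copied from the browser's SAML trace) through a check like this usually points straight at the field that was pasted into the wrong box.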

++ Create data of [Verification certificate] ++
1. Download the certificate file from “Download certificate” on the Azure AD side.
2. Open the downloaded file.
3. Click “Copy to File” in the “Details” tab of the Certificate dialog.
[Screenshot: AAD07_1]
4. Follow the wizard.
5. Select “Base 64 encoded X.509 (.CER)” and follow the wizard.
[Screenshot: AAD07_2]
6. Specify the name of the file and execute the export.
7. Open the exported file in a text editor and copy its contents.
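The wizard above turns the binary (DER) certificate into its Base 64 text form. As an added example that is not part of the original article or of Questetra, the following Python script does the same conversion with the standard library (handy when you are not on Windows) and checks that the text you are about to paste into [Verification certificate] is a complete block: BEGIN/END markers present, body is valid Base64, decoded bytes start with an ASN.1 SEQUENCE as an X.509 certificate must. The DER bytes are a constructed ASN.1 placeholder, not a real certificate.

```python
import base64

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed placeholder: a tiny ASN.1 SEQUENCE (tag 0x30) holding two INTEGERs.
# It stands in for the DER bytes of a downloaded .cer file; it is not a certificate.
SAMPLE_DER = bytes.fromhex("3006020105020107")


def der_to_pem(der_bytes):
    """Equivalent of the wizard's 'Base 64 encoded X.509 (.CER)' export:
    Base64 body in 64-character lines between the BEGIN/END CERTIFICATE markers."""
    body = base64.b64encode(der_bytes).decode("ascii")
    lines = [PEM_HEADER] + [body[i:i + 64] for i in range(0, len(body), 64)] + [PEM_FOOTER]
    return "\n".join(lines) + "\n"


def pem_to_der(text):
    """Reverse of der_to_pem; raises ValueError if the body is not valid Base64."""
    stripped = text.strip()
    body = "".join(stripped[len(PEM_HEADER):-len(PEM_FOOTER)].split())
    return base64.b64decode(body, validate=True)


def looks_like_der(data):
    """DER-encoded X.509 certificates start with the ASN.1 SEQUENCE tag 0x30."""
    return len(data) > 2 and data[0] == 0x30


def classify_file(data):
    """Tell whether a downloaded file is binary DER, already PEM text, or neither."""
    if looks_like_der(data):
        return "DER"
    text = data.decode("ascii", errors="ignore")
    if PEM_HEADER in text and PEM_FOOTER in text:
        return "PEM"
    return "unknown"


def validate_pem_text(text):
    """Check text that is about to be pasted into [Verification certificate].

    Returns a list of problems; an empty list means the block is well-formed.
    Typical mistakes caught: pasting the binary .cer content, pasting only the
    Base64 body without the BEGIN/END lines, or a truncated copy.
    """
    problems = []
    stripped = text.strip()
    if not stripped.startswith(PEM_HEADER):
        problems.append("missing BEGIN CERTIFICATE header")
    if not stripped.endswith(PEM_FOOTER):
        problems.append("missing END CERTIFICATE footer")
    if problems:
        return problems
    try:
        der = pem_to_der(stripped)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return ["body is not valid Base64: %s" % exc]
    if not looks_like_der(der):
        problems.append("decoded bytes do not start with an ASN.1 SEQUENCE tag")
    return problems


def round_trip_ok(der_bytes):
    """Confirm the PEM text decodes back to exactly the original DER bytes."""
    return pem_to_der(der_to_pem(der_bytes)) == der_bytes


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print("file types:", classify_file(SAMPLE_DER), "->", classify_file(pem.encode("ascii")))
    print("problems (full block):", validate_pem_text(pem))
    print("problems (body only):", validate_pem_text(pem.splitlines()[1]))
```

On a machine with OpenSSL, the same conversion of a downloaded file (placeholder name) is `openssl x509 -inform DER -in downloaded.cer -out downloaded.pem`; either way, paste the whole block including the BEGIN and END lines.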

9. Change the “NOTIFICATION E-MAIL” if needed, and then click “Next”.
[Screenshot: AAD08cut]

10. Addition of the application is now complete. Then click “User”.

11. Select the user you want to federate with Questetra, and then click “Assign”.
[Screenshot: AAD09cut]

Setup is now complete.

I think the setting procedure has become easier than before.
Please make practical use of the federation setting with Azure AD.


About Kusaka Tsuyoshi

I work in sales, but since I was originally an engineer, I also do programming.