Single Sign On (SSO) is a new feature that has recently been added to Fewzion.
SSO has the following advantages:
1. Reduces password fatigue for users. Their organisation login works to securely log them into Fewzion.
2. Provides a central location for user management. Users can be quickly added and removed from access groups by the AD administrators. This helps to simplify username and password management and can help reduce the helpdesk workload.
3. Improves security capabilities by enforcing password complexity rules and 2nd Factor Authentication.
Setting up this feature requires the on-site AD Administrator to follow some steps. Although we designed the feature with Active Directory as our primary target, Fewzion can integrate with other user directories provided they support SAML2.
If you have any questions about this, please contact support (firstname.lastname@example.org) for more information.
Setting up SSO based on Azure AD – Please note that this setup needs to be done only once, with the configuration shown below created for the Test and the Production site.
- Open Microsoft Azure
- Create a new Enterprise application - Fewzion Test SSO / Fewzion Prod SSO (Feel free to name according to your conventions)
- Select option ‘Integrate any other application you don't find in the gallery’.
- Select ‘Set up Single Sign On’ option.
- There are 5 steps to set up SAML.
Step 1: In the Basic SAML Configuration section, insert the name of your site in the highlighted part
- Identifier: https://fewzionsite.commit.works/Identity/SAML
- Reply URL (assertion consumer URL):
- Logout URL: https://fewzionsite.commit.works/Identity/SAML2/Logout
Step 2: In the User Attributes & Claims section, complete all the fields
(i) givenname: user.givenname
(ii) surname: user.surname
(iii) emailaddress: user.mail
(iv) name: user.userprincipalname
(v) Unique User Identifier: user.mail
Step 3: In the SAML Signing Certificate section.
- Download the three generated signing certificates (refer to point 1 in the image below) along with a URL (refer to point 2 in the image below) generated by Azure
- These certificates and the URL must be sent to email@example.com so that they can be integrated into Fewzion.
Step 4: In the Set up Fewzion Test SSO section,
- Copy and send the generated Login URL, Azure AD Identifier and Logout URL to firstname.lastname@example.org. These URLs are added to your site’s Fewzion settings.
Step 5: The Test Single Sign-on with the SSO section can be safely ignored.
- Once all the above steps are completed, we can create and assign user groups that have access to Fewzion.
- Once users are added, they can log in to Fewzion using their organisation's credentials.
- Then the users can send an email to their Administrators who will then assign the appropriate roles to them within Fewzion.
- When a user is removed from the Active Directory account, they will no longer be able to access Fewzion, but their account in Fewzion is not automatically deactivated or deleted. This will need to be manually completed by the Fewzion site administrator.
- After making sure that the deployment of SSO is working as expected in the Test site, repeat steps 1 to 8 for the Production Site.