Introduction:
Using your organisation's Active Directory (AD) for Single-Sign-On (SSO) improves the user login experience and provides extra control over access as employees enter and exit the organisation.
Prerequisites:
In order to enable AD SSO for FBO One users, you will need:
- A private user account for each user.
- An FBO One tenant account set up in your organisation's Active Directory.
Instructions:
There are 3 main steps to enabling this functionality:
- Set up the Active Directory (AD) account.
- Configure OpenID directory in FBO One.
- Link FBO One users to the AD.
Note: We highly recommend setting up this feature in the test instance and confirming the correct settings before deploying to Live:
- Provides a chance to ensure the correct setup of changes to FBO One AND Azure SSO.
- Avoids the user confusion that testing in Live would cause.
- Once configured, the SSO login option will be visible on the login page and cannot be hidden.
1. Set up the AD account
- Provide the following link to the IT Department to assist in setting up the Active Directory Account.
- Following the creation of the active directory, ask them to provide the following parameters:
  - Application (client) ID: Provided by your AD service
  - Directory (tenant) ID: Provided by your AD service
  - Authority: e.g. login.microsoftonline.com
2. Configure OpenID directory in FBO One
This task is performed by the FBO One Engineering team. Submit a support request for the OpenID Setup, providing the 3 parameters outlined above and the desired directory name (a string of at most 25 characters) that will be used in the login button displayed below.
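A pre-flight check for the values that go into the support request, as an added example that is not part of FBO One or of the original article. It assumes the two IDs are GUIDs as Azure displays them, that the authority is a bare host name as in the example above, and that Microsoft's v2.0 discovery path applies; the function names and sample values are constructed for illustration.

```python
import json
import re
import uuid
from urllib.parse import urlsplit

MAX_NAME = 25  # directory-name limit stated in step 2

def is_guid(value):
    """True for a canonical 8-4-4-4-12 GUID, the form Azure shows for both IDs."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, TypeError, AttributeError):
        return False

def authority_host(authority):
    """Reduce 'https://host/' or 'host' to a bare host name; None for anything else."""
    text = authority.strip()
    parts = urlsplit(text if "://" in text else "https://" + text)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or parts.netloc.lower() != host:
        return None  # plain http, credentials or a port in the value
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None  # a tenant path or query was pasted along with the host
    return host if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) else None

def preflight(client_id, tenant_id, authority, name):
    """Return (problems, discovery_url) for the values going into the support request."""
    problems = []
    if not is_guid(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not is_guid(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    elif client_id.lower() == tenant_id.lower():
        problems.append("client ID and tenant ID are the same value")
    host = authority_host(authority)
    if host is None:
        problems.append("Authority is not a bare HTTPS host name")
    if not 1 <= len(name.strip()) <= MAX_NAME:
        problems.append(f"directory name must be 1-{MAX_NAME} characters")
    url = None
    if host and is_guid(tenant_id):  # assumed: Microsoft's v2.0 discovery path
        url = f"https://{host}/{tenant_id.lower()}/v2.0/.well-known/openid-configuration"
    return problems, url

def issuer_matches(discovery_json, authority, tenant_id):
    """True if a discovery document fetched from that URL names this tenant as issuer."""
    issuer = json.loads(discovery_json).get("issuer", "")
    return issuer == f"https://{authority_host(authority)}/{tenant_id.lower()}/v2.0"

# Constructed sample values, not real identifiers.
CLIENT, TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "11111111-2222-3333-4444-555555555555"
if __name__ == "__main__":
    print(preflight(CLIENT, TENANT, "login.microsoftonline.com", "Contoso AD"))
```

The IT Department can open the returned discovery URL in a browser and pass the JSON to `issuer_matches` to confirm that the tenant ID and authority belong together before the request is submitted.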
3. Link FBO One users to the AD
The mapping of Users to the Active Directory can be completed either from the administration Users page or from the administration OpenID Directory page.
Creating a mapping via the administration Users page.
- Navigate to Users (Administration) page.
- ‘Select’ the user name that you would like to link to the directory.
- In the ‘OpenID Directory User Account’ section click ‘Add new’ to create a new mapping.
- Choose a directory from the ‘Directory’ drop down.
- Insert the ‘User principal name’, as displayed in Azure, into the ‘Directory user’ field.
- Ensure ‘Enabled’ is checked; if unchecked, the mapping is disabled.
- Optional: Allow FBO One credentials:
  - If ‘Yes’, the traditional FBO One login details will still be available for login.
  - If ‘No’, users are forced to log in via the Active Directory user.
- Click ‘Save’.
Creating a mapping in the OpenID Directories page.
- Navigate to the OpenID Directories (Administration) page.
- ‘Select’ the required directory listed in the ‘OpenID Connect Directories’ table.
- In the ‘Mapping of FBO One user on external directory user’ section click ‘Add new’ to create a new mapping.
- Choose an FBO One user account from the ‘FBO One user’ drop down.
- Insert the ‘User principal name’, as displayed in Azure, into the ‘Directory user’ field.
- Ensure ‘Enabled’ is checked; if unchecked, the mapping is disabled.
- Optional: Allow FBO One credentials:
  - If ‘Yes’, the traditional FBO One login details will still be available for login.
  - If ‘No’, users are forced to log in via the Active Directory user.
- Click ‘Save’.