Nectar DXP SSO with Microsoft Azure
Overview
This document provides specific information about configuring Nectar DXP SSO with Microsoft Azure. For more general information about enabling SSO in Nectar DXP, refer to Configure Nectar DXP for SSO. The procedure below is an example only. Your specific requirements for Azure SSO configuration may vary.
Procedure
1. Log on to Nectar DXP with an administrator account, and navigate to ADMIN on the top bar, then to SSO Configuration on the left-side menu.
2. Click on GENERATE SAML FILE. A window will pop up asking for the following information:
   - Beside Service Provider Entity ID, enter a name to be used for the SSO entity ID. This must be unique in your Azure AD tenant and within Nectar DXP. The suggested format is nectar_companyname_sso, e.g. nectar_contoso_sso. No spaces, special characters or upper-case characters are allowed.
   - Beside SSO User Groups Attribute, enter http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
   - Click GENERATE when done.
3. The screen will show an XML metadata file. Click the Download file button and save the XML file for later.
4. Log on to portal.azure.com with an account that has rights to manage Azure Active Directory.
5. Navigate to Azure Active Directory.
6. On the left-side menu, select Enterprise applications.
7. Click on New application.
8. In the Browse Azure AD Gallery section, select Create your own application.
9. Create a name such as Nectar DXP SSO Integration. The name must be unique in your tenant.
10. Select the radio button beside Integrate any other application you don't find in the gallery (Non-gallery).
11. Under Getting Started, select 2. Set up single sign on. Alternatively, select Single sign-on on the left-side menu.
12. Under Select a single sign-on method, select SAML.
13. Click on Upload metadata file, and select the XML metadata file downloaded in step #3.
14. You should see a SAML File upload success notification. Review the settings and click Save.
15. Close the side window by clicking X. If prompted to test single sign-on, click No, I'll test later.
16. In the Attributes & Claims section, select Edit.
17. Click on Add a group claim.
18. On the Group Claims window that appears, select the appropriate radio button for your specific needs. At bare minimum, it is suggested to select either All groups or Security groups.
19. Under Source attribute, select the attribute name that will be associated with the SSO application. This determines how the Azure group mapped to each Nectar DXP role is identified. If your Azure AD is not integrated with an on-prem Active Directory implementation, select Group ID. Otherwise, select the option that best suits your needs. Click Save when done.
20. Close the Attributes & Claims window by clicking the X.
21. Download the federation metadata XML by clicking the Download button beside that option in the SAML Signing Certificate section. Save the file for later.
22. In Nectar DXP, upload the XML metadata downloaded in the previous step under the Identity Provider Service Configuration section.
23. Under User Roles Mapping, select a Nectar DXP Tenant User Role on the left. The defaults are Administrator and ReadOnly. Additional roles can be defined if desired.
24. Under External User Role, enter the name of the Azure group whose members you want to allow to log on to Nectar DXP, using the source attribute format selected in step #19. For example, if Group ID is the selected source attribute, enter the object ID of the desired group.
25. Add additional role mappings as required.
26. Finally, click the Enable SSO login checkbox and click UPDATE.
Validation
- Log out of Nectar DXP, and return to the login page.
- Select SSO Login and enter your domain name. Press NEXT.
- If all is well, you should be directed to your SSO provider to authenticate.
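To check that the group claim configured in the procedure actually carries a value entered under External User Role, the claim can be read out of a captured SAML response and compared with the role mapping. The Python helper below is an added example, not part of Nectar DXP or of the original article; the group object IDs, the `ROLE_MAP` contents, the sample response and the exact-match comparison are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Value entered beside "SSO User Groups Attribute" in the procedure.
GROUPS_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Constructed User Roles Mapping: External User Role (group object ID) -> role.
ROLE_MAP = {
    "11111111-1111-1111-1111-111111111111": "Administrator",
    "22222222-2222-2222-2222-222222222222": "ReadOnly",
}

def group_claims(saml_response_b64):
    """Group values from a base64 SAMLResponse, or None if the claim is absent.
    Diagnostic only: the response signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == GROUPS_ATTR:
            values = attr.findall(f"{{{SAML_NS}}}AttributeValue")
            return [v.text.strip() for v in values if v.text]
    return None

def diagnose(saml_response_b64, role_map=ROLE_MAP):
    """Return (status, roles). Exact string matching is an assumption."""
    groups = group_claims(saml_response_b64)
    if groups is None:
        return ("claim-missing", [])  # no group claim emitted under GROUPS_ATTR
    roles = sorted({role_map[g] for g in groups if g in role_map})
    return ("ok" if roles else "no-mapped-group", roles)

def build_sample(groups, attr_name=GROUPS_ATTR):
    """Constructed, unsigned SAMLResponse for the demo (not real Azure output)."""
    values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="{SAML_NS}"><saml:Assertion><saml:AttributeStatement>'
        f'<saml:Attribute Name="{attr_name}">{values}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(diagnose(build_sample(["22222222-2222-2222-2222-222222222222"])))
    print(diagnose(build_sample(["33333333-3333-3333-3333-333333333333"])))
    print(diagnose(build_sample(["x"], attr_name="groups")))
```

A `claim-missing` result points at the Add a group claim step or the SSO User Groups Attribute value; `no-mapped-group` points at the External User Role entries or the Source attribute format.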