V24.2 Release – Best Practices Setting up SSO
Commit Works is excited to announce the release of our Single Sign On (SSO) feature in CiteOps. With the release of SSO, users can now log into CiteOps with their Active Directory accounts – increasing the ease with which users can access CiteOps and the security against unauthorised access.
First, a user must be added to the Active Directory group (please see slide 5). In order to create a user account for themselves they simply need to log into CiteOps with their Active Directory login details. After they have successfully logged in, they need to contact their site administrator to add the required CiteOps roles.
When a user is removed from the Active Directory account, though they will no longer be able to access CiteOps, their account in CiteOps is not automatically deactivated or deleted. This will need to be manually completed by the CiteOps site administrator.
Note that although we have designed the feature with Active Directory as our primary goal, CiteOps can integrate with other user directories. Please contact support (support@commit.works) for more information.
Setting up SSO
(a) if you are using Azure AD, please navigate to enterprise application and select new application
(b) then select create your own application
(c) name your application, e.g. CiteOps test or CiteOps prod (a separate application is needed for each of test and prod)
(d) select option "Integrate any other application you don't find in the gallery"
(e) select SSO
(f) select SAML
(g) on the SAML setup screen, under Basic SAML Configuration, click Edit
V24.2 Release – Basic SAML configuration
1. Basic SAML configuration:
(i) Identifier: https://fewzionsite.commit.works/Identity/SAML
(ii) Reply URL (assertion consumer URL): https://fewzionsite.commit.works/Identity/SAML2/ACS
(iii) Logout URL: https://fewzionsite.commit.works/Identity/SAML2/Logout
2. User attributes and Claims configuration
(i) givenname: user.givenname
(ii) surname: user.surname
(iii) emailaddress: user.mail
(iv) name: user.userprincipalname
(v) Unique User Identifier: user.mail
3. SAML signing certificate
Azure will generate 3 certificates, please send the below 3 files to support as they will be integrated into CiteOps:
(i) Base64
(ii) Raw
(iii) Federation metadata xml
4. Set up CiteOps SSO
AD will generate 3 URLs, please send the URLs to CiteOps support (support@commit.works) as we will need to configure them in CiteOps:
(i) Login URL
(ii) Azure AD Identifier
(iii) Logout URL
V24.2 Release – Assigning users and groups
Assigning users and groups:
(a) AD administrators are required to create a user group dedicated to accessing CiteOps; this user group should be added to the CiteOps integration in AD.
(b) Once users have been added, they should test logging into CiteOps to provision their user accounts, so that access permissions can be added.
(c) CiteOps administrators are then to add appropriate access policies to individual user accounts in CiteOps.