Azure Active Directory (Azure AD) is a cloud-based user authentication service, used by Office 365, to manage identities and authentication. eFront lets you integrate your portal with Azure Active Directory to synchronize passwords and set up Single Sign-On (using its SAML configuration).
To do this:
Step 1: Enable SAML support in your portal.
1. Sign in to your eFront account as the main Administrator.
2. Select Home > System settings > Single Sign On > SAML.
3. Check the Enable SAML support option (1).
Step 2: Create the eFront application in Azure AD.
1. Open the Microsoft Azure portal (https://portal.azure.com/) and select Azure Active Directory (1).
2. In the Manage list select Enterprise applications (2). On the panel that appears, click New application (3).
3. Select Non-gallery application (1), set a name (2), click Add (3) and wait for it to be created.
Step 3: Allow users to access the eFront application.
1. You can find the eFront application in Azure Active Directory > Enterprise applications > eFront.
2. In the Manage list, select Users and groups (1). On the panel that appears, click Add user (2).
3. Add the users/groups you want by picking them from the list or searching for them, then click Select.
4. When all the users/groups have been selected, click Assign.
Step 4: Add the Azure AD Single sign-on configuration data to eFront SAML settings.
1. Open the eFront application. You can find it in Azure Active Directory > Enterprise applications > eFront.
2. In the Manage list, select Single sign-on (1). On the panel that appears, click SAML (2).
3. Azure AD SAML configuration has 5 different sections, which you will need to edit.
Proceed with editing the first section.
Click on the editing icon (Basic SAML Configuration, top-right corner). You will need to add the respective URL from eFront SAML settings to Azure AD. To do that, access your eFront portal as System Administrator and go to Home > System settings > Single Sign-On > SAML. Enter the URLs in Azure AD - Basic SAML Configuration:
| Azure AD field | Value from eFront SAML settings |
|---|---|
| Identifier (1) | your eFront Main URL |
| Reply URL (2) | Assertion Consumer Service URL |
| Logout URL (3) | Single Logout Service URL |
Note: In the following images you will see matching numbers. You will need to transfer the URLs from eFront settings (images 1 and 2) to Azure AD settings (image 3). Use the numbers to match the respective information.
Note 1: azure-saml.dev.efrontlearning.com (1) is used in this guide as an example. In your case, it should be your own eFront Main URL.
Note 2: If you are setting up SAML at the Branch level, the Main URL is replaced with the domain name of the branch, which can be found in Home > Branches > Branch name > Domain name for branch.
4. When you are done, select Save and proceed with editing the second section in Azure, User Attributes and Claims. This section is about the information Azure will send to eFront, so you will be doing the reverse process.
The URLs on the left, called claims, need to be copied to eFront's relevant SAML fields. Copy and paste each Azure value into the corresponding eFront SAML field. Here is a table for your convenience.
| Azure Value | eFront SAML field |
|---|---|
| user.mail (1) | TargetedID, Email |
| user.givenname (2) | First name |
| user.surname (3) | Last name |
Note: In the following images you will see matching numbers. You will need to transfer the URL from Azure AD settings (image 4) to eFront SAML settings (image 5). Use the numbers to match the respective information.
Note: The claims value can be customized to contain any value. We are using the Azure user's email for both Email and TargetedID, which means that on eFront the user's email will also be his/her username. We recommend this option to reduce compatibility issues.
5. Copy the Thumbprint (1) and paste it into the Certificate Fingerprint field in eFront SAML settings.
6. Enter the URLs provided in the fourth section into eFront SAML settings as follows.
| Azure AD value | eFront SAML field |
|---|---|
| Login URL (1) | Remote Sign-in URL |
| Azure AD Identifier (2) | Identity Provider |
| Logout URL (3) | Remote Sign-out URL |
Note: In the following image you will see matching numbers. You will need to transfer the URL from Azure AD settings (image 6) to eFront SAML settings (image 7). Use the numbers to match the respective information.
7. After entering the above data in their respective entry fields, click SAVE in the eFront portal.
You are now ready to use Azure AD with SAML on eFront.
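A check for step 5, added here as an example (it is not eFront or Microsoft code): the Azure AD Thumbprint is the uppercase hex SHA-1 digest of the DER-encoded signing certificate, so it can be recomputed from the certificate downloaded in Base64 form and compared with the value pasted into the Certificate Fingerprint field. The function names are assumptions, and the sample PEM body is constructed bytes, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in for a downloaded Base64 certificate file. The body
# decodes to the three bytes b"abc"; it is NOT a real X.509 certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

def pem_to_der(pem_text):
    """Return the DER bytes of the first CERTIFICATE block in pem_text."""
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
        pem_text, re.DOTALL)
    if match is None:
        raise ValueError("no PEM CERTIFICATE block found")
    body = "".join(match.group(1).split())  # drop line breaks and padding spaces
    return base64.b64decode(body, validate=True)

def thumbprint(der, algorithm="sha1"):
    """Uppercase hex digest of the DER bytes (SHA-1 is the Azure AD Thumbprint)."""
    return hashlib.new(algorithm, der).hexdigest().upper()

def normalize(fingerprint):
    """Strip colons, spaces and invisible characters picked up by copy/paste."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()
    if len(cleaned) not in (40, 64):
        raise ValueError("not a SHA-1 or SHA-256 hex fingerprint")
    return cleaned

def matches(pem_text, pasted):
    """True if the pasted fingerprint belongs to the certificate in pem_text."""
    want = normalize(pasted)
    algorithm = "sha1" if len(want) == 40 else "sha256"
    got = thumbprint(pem_to_der(pem_text), algorithm)
    return hmac.compare_digest(got, want)

if __name__ == "__main__":
    print(thumbprint(pem_to_der(SAMPLE_PEM)))
    print(matches(SAMPLE_PEM, "a9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"))
```

A mismatch after a certificate rollover in Azure AD means the fingerprint stored in eFront no longer corresponds to the certificate signing the assertions and must be updated.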