Solved

Using AzureAD as an identity provider for IFS Cloud (SAML)

  • 20 January 2023

Has anyone successfully gotten IFS Cloud 21 up and running with AAD as an IAM Identity Provider?

 

I currently have one of my migration instances up and running, and set up, to the best of my knowledge, correctly to reach out to AAD to perform user authentication. As I’ve had many situations in the past where screenshots were integral to my figuring things out, here is the setup I have for my IAM Identity Provider.

The Enterprise Application side of things in my Azure tenant is configured as follows:

When I go to Test SSO for my application from AAD, it appears happy about life:

However, the new tab that is opened that was attempting to log me in simply states “Error, Internal Server Error.”

 

 

If I go to my main Aurena landing page, I do have it set to allow me to attempt to log in with AAD. When I press this, I am taken to the generic “Authorize this application” screen we’re all friendly with in IT. I hit allow, but then land on a generic “Oops something went wrong. Unexpected error when authenticating with identity provider.”

Has anyone gotten SAML logins to work with IFS Cloud & AAD? The documentation is hyper vague and only has examples for SCIM, which I’d rather not do at the moment. (We’re still planning on leaving our environment behind our VPN, and do not want to slam a hole open from AAD>IFS systems, even if it is just for SCIM functionality.)


Best answer by Sajith D 23 January 2023, 00:09


4 replies


Another thing to note is that we’re coming from an environment that was 100% ORACLE user authentication. Is there another mapping that needs to occur to establish the link between an AAD user and the historical Oracle account?


Hi @mRiston ,

 

We are not using IFS Cloud yet but we do use Azure AD as our identity provider with IFS Application 10.

One thing we have to make sure of is that within the user there is a field called Directory ID; we needed to make sure that was our Azure AD user ID. So for us, our database users were firstname.lastname, but we needed to make sure the Directory ID was firstname.lastname@domain.com. Once we made that change, we were able to log into IFS using Azure AD.

 

Regards,

William Klotz
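
A pre-cutover check for the Directory ID mapping described in the reply above, as an added example that is not part of the original thread and not IFS code: it compares exported IFS user records against Azure AD user IDs and flags entries that would not match. The function name, the export format and all sample data are assumptions constructed for illustration.

```python
from collections import Counter

def audit_directory_ids(ifs_users, aad_upns):
    """Classify each IFS user by how its Directory ID relates to the Azure AD user IDs.

    ifs_users: dict of IFS user ID -> Directory ID (None or "" if unset); assumed export format
    aad_upns:  iterable of Azure AD user IDs in firstname.lastname@domain.com form
    """
    exact = set(aad_upns)
    folded = {u.casefold() for u in exact}
    seen = Counter((d or "").strip().casefold() for d in ifs_users.values())
    findings = {}
    for user, raw in ifs_users.items():
        did = (raw or "").strip()
        if not did:
            findings[user] = "missing"        # no Directory ID set at all
        elif seen[did.casefold()] > 1:
            findings[user] = "duplicate"      # two IFS accounts would share one identity
        elif "@" not in did:
            findings[user] = "no-domain"      # still the bare database user name
        elif did in exact:
            findings[user] = "ok"
        elif did.casefold() in folded:
            findings[user] = "case-mismatch"  # differs from the Azure AD value only by case
        else:
            findings[user] = "not-in-aad"     # no such user on the Azure AD side
    return findings

# Constructed sample data (not from the thread)
IFS_USERS = {
    "ALICE.SMITH": "alice.smith@example.com",
    "BOB.JONES": "bob.jones",
    "CAROL.WU": "Carol.Wu@example.com",
    "DAVE.LEE": None,
    "ERIN.FOX": "shared.ops@example.com",
    "FRANK.ROY": "shared.ops@example.com",
    "GINA.PAZ": "gina.paz@old-domain.example",
}
AAD_UPNS = ["alice.smith@example.com", "carol.wu@example.com",
            "shared.ops@example.com", "gina.paz@example.com"]

if __name__ == "__main__":
    for user, status in audit_directory_ids(IFS_USERS, AAD_UPNS).items():
        if status != "ok":
            print(f"{user:12} {status:14} {IFS_USERS[user]!r}")
```

The "duplicate" finding matters most from a security standpoint, since two IFS accounts mapped to the same Azure AD identity make it ambiguous which account a login resolves to.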


Thanks for the reply William! Did you have this configured in AAD as a user attribute claim? I just tried configuring that attribute claim on AAD such that Claim Name ‘Directory ID’ matches user.onpremisessamaccountname. (I also tried with Directory.ID, but am not sure what mapping IFS is expecting)


Hi @mRiston ,

Is there a specific reason why you are trying to configure a SAML token for IFS Cloud? IFS IAM works with OpenID Connect based tokens, so that might explain why you are having issues.

Unless there is a specific reason stopping you from using OIDC, probably worth having a look at 

 as setting up Azure to work with IFS Cloud is really straightforward.

Cheers
