Skip to main content
Question

SSO Azure UPN

  • September 29, 2022
  • 5 replies
  • 447 views
K
Do Gooder (Customer)
Forum|alt.badge.img+1
  • Kendall
  • Do Gooder (Customer)
  • 4 replies

does anyone know how to setup sso with azure using upn instead of eamail?

 

5 replies

K
Do Gooder (Customer)
Forum|alt.badge.img+1
  • Kendall
  • Author
  • Do Gooder (Customer)
  • 4 replies
  • September 30, 2022

Sorry I should have expanded on this a bit more.

I have tried all the usual things -- using upn for both fields, exposing upn in azure as an optional claim. 

using preferred_username in Azure - trying email in all sorts of configurations. The problem i was getting was when i set the directory id to our upn it was giving me a weird directory id as shown in the original post in this thread. now i am getting it to show my email address which is not even in ifs. so i am unclear on which way the mapping goes and to what fields. Thanks

I have asked this in a previous thread also. 

Problem with users that log in with SSO authentication in IFS Cloud. | IFS Community

Charith Epitawatta
Ultimate Hero (Employee)
Forum|alt.badge.img+31

Hi @Kendall,

Have a look at following KBA and the video which explains how to setup Azure AD:

https://community.ifs.com/framework-and-experience-101/how-to-set-up-external-idp-azuread-16337

Also the following documentation on attribute mapping for external IDP would be helpful:

https://docs.ifs.com/techdocs/22r1/030_administration/010_security/040_iam_settings/041_external_identity_providers/#attribute_mapping

Hope this helps!

Charith - https://charith.xyz
K
Do Gooder (Customer)
Forum|alt.badge.img+1
  • Kendall
  • Author
  • Do Gooder (Customer)
  • 4 replies
  • October 4, 2022

Good Morning @Charith Epitawatta ,

this by far is the most help I’ve gotten so far. I have seen the video although we had to use version 2 not 1 the problem that we have is when we use upn for our Azure claim we get an internal server error.

 

  • Use the correct active directory attribute that you use for Directory ID (Username) for Claim.

even if i remove the url per ---Please remove the User Infor endpoint from the IDP Configurations in order to work with Arritue Mappers.

 

we still get internal server error. 

for  our directory id i have tried all combinations of username and even email address. 

any thought on what the internal server error is or how i can find out?

thanks

 

T
Do Gooder (Customer)
Forum|alt.badge.img+6
  • TSPPRICH
  • Do Gooder (Customer)
  • 21 replies
  • May 16, 2024

Hi Kendall,

Did you get a resolution for this?

We are upgrading to IFS Cloud. Our company uses UPN that is not the email to login to Azure and I’ve hit similar issues. 

Thanks

Paul

Paul Richardson
T
Do Gooder (Customer)
Forum|alt.badge.img+6
  • TSPPRICH
  • Do Gooder (Customer)
  • 21 replies
  • May 23, 2024

Hi,
Just to update on my previous reply.
We have SSO working now.
Above the standard setup shown in the YouTube Video we had to ...
Add 2 Optional Claims in the Azure App Registration:
upn with Token Type ID
upn with Token Type Access

 

In IFS add an IdP Attribute Mapper Name= upn Claim = upn

Then obviously set the Directory ID of the user to be the Azure upn.

 

Regards

Paul

Paul Richardson

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings