You are able to use Azure AD (Active Directory) as an Identity Provider (IdP) to log users and agents into Deskpro. We will use the SAML setup instructions, which will assist to set up this integration.
You will require Global Administrator access to your Azure Active Directory platform to complete this set up. This is something your IT provider/administrator will have.
Creating a custom Azure App
1.Log into your https://portal.azure.com management area, and navigate to Azure Active Directory > Enterprise Applications
2.Under All Applications, select New Application
3.Select Non-gallery Application - specify any name for this application, and press Add
The name you define here is arbitrary and does not affect functionality. It can be anything you choose, in this example I have gone for "Deskpro SAML Login" for simplicity.
It may take a minute of so for the app creation to complete.
4.Press "Single sign-on" and select SAML as the method.
Creating a Deskpro SAML Connector
5.Populate the SAML setup information with the data provided to you in Azure.
You will be asked for some configuration options. You will now need to jump over to your Deskpro admin area, and create a SAML connector using the SAML setup information.
Tick the Enabled? checkbox.
Deskpro | Azure | Required |
|---|---|---|
SSO: Single Sign On URL | Login URL | Yes |
SLO: Single Log Off URL | Logout URL | No (Recommended) |
Metadata: Issuer XML metadata URL | App Federation Metadata URL | Yes |
X509 Certificate | Certificate (Base64) | Yes |
X509 Certificate Fingerprint | Thumbprint | No (Recommended) |
Custom Metadata XML | Federation Metadata XML | Yes |
The
Certificatewill download as a.cerfile. This is fine to upload into Deskpro.The
Federation Metadata XMLwill download as a.xmlfile. You will need to open this in a text editor (e.g Notepad) and copy the contents into Deskpro.Sign Authentication Requestcan be left blank.Name ID Formatcan be left as default. This would usually beurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
It is up to you whether you want to go for Automatic or Disabled SSO.
If you are not sure, we would recommend Disabled mode, and specifying a Login Button Text - this can be any text you desire, in this example I will use Azure Login. This can be changed later.
When all the data is populated in the Deskpro Application, press "Install App"
Configuring the Azure SAML SSO
After the SAML app completes loading, it will give a "SAML Authentication has been installed successfully." message. Press Continue.
6.Similar to the previous step, we need to grab some configuration data from Deskpro and input this back into the Azure SAML App
Deskpro | Azure | Required |
|---|---|---|
Metadata URL (Entity ID) | Identifier (Entity ID) | Yes |
Consumer Service URL (ACS) | Reply URL (Assertion Consumer Service URL) | Yes |
Single Logout Service URL (SLS) | Logout Url | No |
Your Deskpro Homepage | Sign on URL | No |
7.Press the Pencil icon to modify your basic configuration.
8.Press Save after filling out the required details.
Managing Azure group policies
You must allow your users to make use of this application by setting correct user/group policies. Otherwise you may hit an error like so:
AADSTS50105: The signed in user 'demouser01@deskprotest.onmicrosoft.com' is not assigned to a role for the application '36ec2a82-1328-4549-84d5-e84567649900'(Deskpro SAML Login). copyYou are able to add permissions for any group of users, and specific users to the new azure app you have created. You will need to add to navigate to "Users and Groups" and press Add User
Navigate through your account to find the staff you would like to associate with the app. You may want to allow different groups, which is certainly possible. Here we have a Support Staff group.
Any users in that group will now be allowed access to the system.
Logg på for å registrere eller sende inn en kommentar.