View Source

In this guide, you can find information how to configure support of Active Directory SSO via SAML 2.0 protocol.

Created: September 2024

Permalink: https://wildix.atlassian.net/wiki/x/AQByM

Introduction

Starting from WMS 6.07.20240906.1, it is possible to configure support of Active Directory SSO via SAML 2.0 protocol.

Setup instructions

I. Configuration on Microsoft Entra side

1. Login to Microsoft Entra

2. Go to Applications -> Enterprise Applications (1) -> click New application (2):

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > add-application.png

3. Click on Create your own application:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > create-own-application.jpg

4. Enter the application name (1) and choose the option Integrate any other application you don’t find in the gallery (Non-gallery) (2):

5. Click Create

6. In the application you have created, go to Single sign-on settings:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > single-sign-on-settings.png

7. Click SAML:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > choose-saml.png

8. In front of Basic SAML Configuration, click Edit:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > basic-saml-configuration-edit.jpg 9. Fill out the following fields:

Identifier (Entity ID): a custom Unique Identifier, for example use your’s app title; this ID should later be also added to WMS
Reply URL fields: specify the URL where redirect will be allowed
Example:
https://<<PBX DOMAIN>>/api/microsoft/callback/?callback=callbackMicrosoftSingleSignOn

Where <<PBX DOMAIN>> is the domain of the PBX where the feature will be used

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > identifier-id-and-url.jpg

10. In Attributes & Claims section, you need to make sure that user email is used for Unique User Identifier:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > attributes-and-claims-unuque-user-identifier.jpg

For this, click Edit:

Click on Unique User Identifier:

In Name identifier format field, make sure the option Email address is selected:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > use-email-address-for-name-identifier-format.png

Click Save to apply the changes:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > save-changes-in-attributes-and-claims-section.png

11. Check pre-configured settings in other sections, which should be similar to settings described on the below screenshoot:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > saml-settings.jpg

12. In the SAML Certificates section, download SAML Certificate (Base 64), which will later be uploaded in WMS:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > download-saml-certificate.jpg

Note: You will also need the following data to be added to WMS settings:

Login URL
Microsoft Entra Identifier

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > login-url-microsoft-entra.jpg

13. Navigate to Users and Groups tab (1) and click Add user/group (2):

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > add-user-group.jpg

14. Select users who will be allowed to use this application for SSO login and click Select:

Documentation > How to configure support of Active Directory SSO via SAML 2.0 protocol > select-users.jpg

Important: Users emails should correspond to the emails used on the PBX for these users.

II. Configuration on WMS side

Go to WMS -> PBX -> Security page
Navigate to the section Active Directory Single SignOn via SAML 2.0 and tick off the checkbox in front of Enable field:
Upload the certificate which was downloaded in step 12 of Microsoft Entra configuration above
In the Enter Identifier (Entity ID) field, enter the ID you've added in step 9 of Microsoft Entra configuration
In the Login URL and Microsoft Entra Identifier fields, enter the data mentioned in step 12 of Microsoft Entra configuration
Click Save to apply the changes

Once set up, the Microsoft 365 SSO button works as SSO via SAML 2.0.