
Set up Microsoft Azure SSO

This topic describes the steps to set up Microsoft Azure Active Directory Federation Services (ADFS) Single Sign-On (SSO) for the Admin Console and the storefront.

Create a New Application Registration in Microsoft Azure

  1. Go to Azure Active Directory in the Azure portal.
  2. Select App registrations under Manage in the Microsoft Azure portal.
  3. Click New registration to register a new application.
  4. Enter a display Name for your application.
  5. Specify who can use the application, sometimes called the sign-in audience.
  6. Click Register.

  7. Click Add an Application ID URI for the application.
  8. Click Set next to Application ID URI. Copy the default value, which will be used later.

  9. Click Save.
  10. Click Add a Redirect URI for the application.
  11. Select the platform for your app. For example, for the Redirect URI, enter https://www.b2bcommercesite/identity/externalcallback if used for the storefront or https://www.b2bcommercesite/identity/adminexternalcallback if used for the Admin Console (where www.b2bcommercesite is your URL), and click Configure.

  12. Return to the Overview page for your app and note the Directory (tenant) ID for tenant-specific endpoints. For tenant-independent endpoints, use the FEDERATION METADATA DOCUMENT endpoint value in this article.

Enable Windows SSO

  1. Navigate to Administration > System > Settings in the Admin Console.
  2. Search for Allow Sign in With Windows Account. (You may also navigate to Site Configurations > Windows SSO from Settings.)
  3. Set the Allow Sign in With Windows Account toggle to YES. If Yes, a Windows button will appear on the sign in page. Default value: No.
  4. Set the Use Windows Sign In on Storefront toggle to YES, if you want to enable this. If Yes, a Windows button will appear on the storefront sign in page. Default value: No. If this setting is enabled, the following fields will be available:
  • Storefront Caption - This is the caption to show on the Windows button. Default value: Windows.
  • Storefront Application ID URI - This is the globally unique URI used to identify this web API. Also referred to as an identifier URI, it works as the prefix for scopes and in access tokens as well as the value of the audience claim. Paste the text copied from the Application ID URI from step 8 above into this field. The default is blank.
  • Storefront Windows Metadata URL - This is the address used to retrieve WsFederation metadata. The default is blank.
  5. Set the Use Windows Sign In on Admin Console toggle to YES, if you want to enable this. If Yes, a Windows button will appear on the Admin Console sign in page. Default value: Yes. If this setting is enabled, the following fields will be available:
  • Admin Console Caption - This is the caption to show on the Windows button. Default value: Windows.
  • Admin Console Application ID URI - This is the globally unique URI used to identify this web API. Also referred to as an identifier URI, it works as the prefix for scopes and in access tokens as well as the value of the audience claim. Paste the text copied from the Application ID URI from step 8 above into this field. The default is blank.
  • Admin Console Windows Metadata URL - This is the address used to retrieve WsFederation metadata. The default is blank. Under endpoints in Azure this would be the Federation metadata document.
  6. Click Save.
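
A pre-flight check for the values entered in the steps above, added here as an example and not part of the product or its documentation. It uses the callback paths given earlier on this page; the function name, the sample tenant ID and Application ID URI, and the metadata path suffix are assumptions.

```python
from urllib.parse import urlsplit

# Callback paths are the ones this page gives for the Redirect URI.
CALLBACK_PATHS = {"storefront": "/identity/externalcallback",
                  "admin": "/identity/adminexternalcallback"}
# Assumption: path of the Federation metadata document listed under Endpoints in Azure.
METADATA_SUFFIX = "/federationmetadata/2007-06/federationmetadata.xml"


def check_sso_settings(target, site_host, redirect_uri, app_id_uri,
                       metadata_url, tenant_id=None):
    """Return a list of problems in the values for one target ('storefront' or 'admin')."""
    problems = []
    r = urlsplit(redirect_uri)
    if r.scheme != "https":
        problems.append("redirect URI must use https")
    if (r.hostname or "").lower() != site_host.lower():
        problems.append("redirect URI host is not the site host")
    if r.path != CALLBACK_PATHS[target]:
        problems.append(f"redirect URI path should be {CALLBACK_PATHS[target]}")
    if r.query or r.fragment or "*" in redirect_uri:
        problems.append("redirect URI must not carry a query, fragment or wildcard")

    a = urlsplit(app_id_uri.strip())
    if not a.scheme or not (a.netloc or a.path):
        problems.append("Application ID URI is blank or not an absolute URI")
    if app_id_uri != app_id_uri.strip():
        problems.append("Application ID URI has stray whitespace from copy/paste")

    m = urlsplit(metadata_url)
    if m.scheme != "https":
        problems.append("metadata URL must use https")
    if not m.path.lower().endswith(METADATA_SUFFIX):
        problems.append("metadata URL is not a Federation metadata document")
    elif tenant_id is not None:
        # Tenant-specific endpoint: first path segment is the Directory (tenant) ID.
        if m.path.strip("/").split("/")[0].lower() != tenant_id.lower():
            problems.append("metadata URL tenant does not match Directory (tenant) ID")
    return problems


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed sample value
    print(check_sso_settings(
        "admin", "www.b2bcommercesite",
        "https://www.b2bcommercesite/identity/adminexternalcallback",
        "api://00000000-0000-0000-0000-000000000000",  # constructed sample value
        f"https://login.microsoftonline.com/{tenant}{METADATA_SUFFIX}", tenant))
```

Pass `tenant_id=None` when the tenant-independent metadata endpoint is used on purpose, so the tenant comparison is skipped.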

Note

If you plan on using SSO for the Admin Console and you do not wish to automatically assign any permissions, you should update the Assign A/C User Role with SSO setting to NO under Administration > System > Settings > System Settings > Security. New Admin Console users will then require an existing user to set their roles up manually. Default value: Yes.

Configure the SSO Clients

  1. Go to Administration > Permissions > Single Sign On in the Admin Console.
  2. If you want to use Windows for the storefront, click Edit for the ext client.
  3. If you want to use Windows for the Admin Console, click Edit for the isc_admin_ext client.

