Accounts and Roles on your website are managed through User Manager. If you would prefer users to log in to the website with Azure Active Directory or Google Workspace accounts, you can set this up by following the steps below. Once you have set up Active Directory to allow the website to access your accounts, you will be able to specify which Active Directory user groups are linked to the Security Roles available on the website.
- Client Azure AD Setup Process
- Client Google Suite Setup
- Setting up SSO (Single Sign On) on your website
Client Azure AD Setup Process
- Log in to your Microsoft Azure account and select Azure Active Directory from the menu.
- Select App Registrations
- Click on the New Registration button to create the app instance
- Add a name and the supported account types to the application, and at this point you should also add a Redirect URI.
- This should be your website address followed by /admin/login/sso/oauth/return.asp
For example, if we set up SSO for https://www.junipereducation.org we would enter https://www.junipereducation.org/admin/login/sso/oauth/return.asp
- In the App Registration, select Authentication from the menu.
- Under Advanced settings enter a logout URL.
- This should be your website address followed by /ssosp/logout. If we set up SSO for https://www.junipereducation.org we would enter https://www.junipereducation.org/ssosp/logout.
- Click the Save button at the top.
- To allow the Juniper Education CMS access to Azure AD, you will need three pieces of information from Azure.
- Application (client) ID
- Directory (tenant) ID.
- Client Secret
- Two of these are found under the Overview section.
- The third is found under Certificates and Secrets.
- You can create a new secret for use on the website by clicking New client secret.
- Log in to your Microsoft Azure account and select Azure Active Directory from the menu.
- Select App Registrations
- Click on the New Registration button to create the app instance
- Add a name and the supported account types to the application, and at this point, you should also add a Redirect URI.
- The authorised redirect URI that needs to be added can be found in your website CMS. To obtain this, access the Website Tab > Website Settings and open the relevant tab for the item you are enabling, e.g. Single Sign On.
- In the App Registration, select Authentication from the menu.
- Under Advanced settings enter a logout URL.
- Click the Save button at the top.
- To allow the Juniper Education CMS access to Azure AD, you will need three pieces of information from Azure.
- Application (client) ID
- Directory (tenant) ID.
- Client Secret Value
- Two of these are found under the Overview section.
- The third is found under Certificates and Secrets.
- You can create a new secret for use by the website by clicking on New client secret.
- Once you have generated the Client Secret, copy the value, which is only visible when you first create it. If you need a new secret, delete the existing one, and create a new one to be used with your website.
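An added example, not part of the original guide or the CMS: a Python check that an app registration carries exactly the redirect and logout URLs these steps call for, flagging stale, non-HTTPS or off-site entries. It assumes the registration is available as JSON in the Microsoft Graph application shape (`web.redirectUris`, `web.logoutUrl`); the function names and the sample registration are constructed for illustration.

```python
from urllib.parse import urlsplit

# Paths from the setup steps on this page.
REDIRECT_PATH = "/admin/login/sso/oauth/return.asp"
LOGOUT_PATH = "/ssosp/logout"

# Constructed sample registration: the correct URI plus a stale http:// one.
SAMPLE_APP = {"web": {
    "redirectUris": [
        "https://www.junipereducation.org" + REDIRECT_PATH,
        "http://www.junipereducation.org" + REDIRECT_PATH,
    ],
    "logoutUrl": "https://www.junipereducation.org" + LOGOUT_PATH,
}}

def site_origin(site):
    """Normalise a website address to https://host; reject anything else."""
    parts = urlsplit(site if "://" in site else "https://" + site)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"website address must be an https URL: {site!r}")
    return "https://" + parts.netloc.lower()

def check_registration(site, app, redirect_uri=None):
    """Return findings for an app registration (empty list means it matches).

    Assumption: `app` is a dict shaped like the Microsoft Graph application
    object (web.redirectUris, web.logoutUrl). Pass redirect_uri when the
    CMS Website Settings tab shows a value other than the default path.
    """
    origin = site_origin(site)
    expected = redirect_uri or origin + REDIRECT_PATH
    web = app.get("web", {})
    registered = web.get("redirectUris", [])
    findings = []
    if expected not in registered:
        findings.append(f"missing redirect URI: {expected}")
    for uri in registered:
        parts = urlsplit(uri)
        if uri == expected:
            continue
        if parts.scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif "https://" + parts.netloc.lower() != origin:
            findings.append(f"redirect URI on another host: {uri}")
        else:
            findings.append(f"unexpected redirect path: {uri}")
    if web.get("logoutUrl") != origin + LOGOUT_PATH:
        findings.append(f"logout URL should be {origin + LOGOUT_PATH}")
    return findings
```

An empty result means the registration holds only the expected redirect URI and the expected logout URL for that website address.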
Client Google Suite Setup
- Log in to https://console.developers.google.com/
- If you have not created a project, click on the Select a project dropdown, then in the popup that appears click on New Project. Give your project a name that will identify it within your organisation.
- Once you have created your project, ensure it is selected from the Select a project dropdown.
- You will need to create an OAuth consent screen from the OAuth consent screen menu.
This screen is used to inform your users that they are supplying data to the service you are creating.
- Choose Internal as your user type
- ../auth/admin.directory.group.readonly should be added to the list of scopes for Google APIs.
This data is used by the CMS to determine which G Suite groups a user belongs to, and allocate them to a CMS group accordingly.
- Add your website address to the Authorised Domains list.
NB If your website uses multiple domains that you will be using then you should add each domain here.
- The remaining options you should set as appropriate for your users.
- Select Credentials from the left hand menu
- Click on the Create Credential link, then select OAuth client ID
- Set the URI and the post redirect URI. The app type should be set to web application.
- The origin URI should be the web address for your site.
- The authorised redirect URI that needs to be added can be found in your website CMS.
To obtain this, access the Website Tab > Website Settings and open the relevant tab for the item you are enabling, e.g. Single Sign On.
- After creating your credentials, copy the client ID and client secret. You will be able to access these later.
- Once you have your details, log in to your CMS as an administrator.
Setting up SSO (Single Sign On) on your Website
- Log in and select Website Tab > Settings > Website Settings from the admin menu
- Select Single Sign-on from the menu
Azure
- Choose Azure AD as the provider
- Enter the Client ID, Tenant ID and Client Secret from Azure
- If you would like to set the Domain for logging in, add this too.
- Save these settings
- Once you have saved these settings, you will see a button to Authorise access to Azure AD. Click the button, and follow through with the authorisation process.
- Once access has been authorised, you will be able to use the Add/Remove Links button to match Active Directory groups to the Security Roles within the Website’s Content Management System.
- You can Enable Single Sign-On by choosing how you will allow users to log in to the website.
- Once you have made the required changes, click the Save button again
Google Suite
- Select "G Suite" from the dropdown.
- Enter the client ID, client secret, and the G Suite domain you will be using.
- Save these settings
- Once you have saved these settings, you will see a button to Authorise access to G Suite. Click the button, and follow through with the authorisation process.
- Once access has been authorised, you will be able to use the Add/Remove Links button to match G Suite Directory groups to the Security Roles within the Website’s Content Management System.
- You can Enable Single Sign-On by choosing how you will allow users to log in to the website.
- Once you have made the required changes, click the Save button again