Skip to main content
JuniperLogo

Single Sign-on Setup

  • Updated

Accounts and Roles on your website are managed through User Manager.  If you would prefer to use Azure Active Directory accounts to be able to log in to the website, you can do so by following the steps below.  Once you have set up Active Directory to allow the Website to access your accounts, you will be able to specify which Active Directory user groups are linked to the Security Roles available on the website. 

 

Client Azure AD Setup Process 

  • Log in to your Microsoft Azure account and select Azure Active Directory from the menu.

  • Select App Registrations

  • Click on the New registration button to create the app instance

SSO01.png

SSO02.png

SSO03.png

  • To allow the Juniper Education CMS access to Azure AD, you will need three pieces of information from Azure.
    • Application (client) ID  
    • Directory (tenant) ID.
    • Client Secret

  • Two of these are found under the Overview section.

SSO04.png

  • The third is found under Certificates and secrets.
    • You can create a new secret for use in by the website by clicking on New client secret.

SSO05.png

  • Log in to your Microsoft Azure account and select Azure Active Directory from the menu.

  • Select App Registrations

  • Click on the New registration button to create the app instance

SSO06.png

SSO07.png

SSO08.png

  • To allow the Juniper Education CMS access to Azure AD, you will need three pieces of information from Azure.
    • Application (client) ID  
    • Directory (tenant) ID.
    • Client Secret

  • Two of these are found under the Overview section.

SSO09.png

  • The third is found under Certificates and secrets.
    • You can create a new secret for use in by the website by clicking on New client secret.

SSO10.png

 

Client Google Suite Setup

  • Login to https://console.developers.google.com/ 

  • If you have not created a project, click on the "Select a project" dropdown, then in the popup that appears click on "New Project". Give your project a name that will identify it within your organisation.
  • Once you have created your project, ensure it is selected from the "Select a project" dropdown.

  • You will need to create an OAuth consent screen from the OAUth Consent screen menu. This screen is to inform your users that they are supplying data to the service you are creating.
    • Choose Internal as your user type
    • ../auth/admin.directory.group.readonly should be added to the list of scopes for google APIs. This data is used by the CMS to determine which G Suite groups a user belongs to, and allocate them to a CMS group accordingly.
    • Add your web address into the "Authorised Domains" list. If your website uses multiple domains that you will be using then you should add each domain here.
    • The remaining options you should set as is appropriate for your users.

  • Select Credentials from the left hand menu
    • Click on the "Create Credentials" link, then select "OAuth client ID"

  • Set the URI and the post redirect URI. The app type should be set to web application.
    • The origin URI should be the web address for your site.
    • The authorised redirect URI should be the web address for your site followed by /ssosp/process/default.asp

  • After creating your credentials, copy the client ID and client secret. You will be able to access these later.

  • Once you have your details, log in to your CMS as an administrator.

 

Setting up SSO (Single Sign On) on your Website

  • Log in and select Website> Website Settings from the admin menu

  • Select Single Sign-on from the menu

    SettingupSSO.gif

Azure

  • Choose Azure AD as the provider

  • Enter the Client ID, Tenant ID and Client Secret from Azure

  • If you would like to set the Domain for logging in, add this too.

  • Save these settings

  • Once you have saved these settings, you will see a button to Authorise access to Azure AD.  Click the button, and follow through with the authorisation process.

  • Once access has been authorised, you will be able to use the Add/Remove Links button to match Active Directory groups to the Security Roles within the Website’s Content Management System.

  • You can Enable Single Sign-On by choosing how you will allow users to log in to the website.

  • Once you have made the required changes, click the Save button again

Google Suite

  • Select "G Suite" From the dropdown.

  • Enter the client ID, client secret, and the G Suite domain you will be using.
  • Save these settings

  • Once you have saved these settings, you will see a button to Authorise access to G Suite.  Click the button, and follow through with the authorisation process.

  • Once access has been authorised, you will be able to use the Add/Remove Links button to match G Suite Directory groups to the Security Roles within the Website’s Content Management System.

  • You can Enable Single Sign-On by choosing how you will allow users to log in to the website.
  • Once you have made the required changes, click the Save button again

 

Downloads

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles