|
| 1 | +--- |
| 2 | +title: 'Tutorial: Azure AD SSO integration with dominKnow|ONE' |
| 3 | +description: Learn how to configure single sign-on between Azure Active Directory and dominKnow|ONE. |
| 4 | +services: active-directory |
| 5 | +author: jeevansd |
| 6 | +manager: CelesteDG |
| 7 | +ms.reviewer: CelesteDG |
| 8 | +ms.service: active-directory |
| 9 | +ms.subservice: saas-app-tutorial |
| 10 | +ms.workload: identity |
| 11 | +ms.topic: tutorial |
| 12 | +ms.date: 08/23/2022 |
| 13 | +ms.author: jeedes |
| 14 | + |
| 15 | +--- |
| 16 | + |
| 17 | +# Tutorial: Azure AD SSO integration with dominKnow|ONE |
| 18 | + |
| 19 | +In this tutorial, you'll learn how to integrate dominKnow|ONE with Azure Active Directory (Azure AD). When you integrate dominKnow|ONE with Azure AD, you can: |
| 20 | + |
| 21 | +* Control in Azure AD who has access to dominKnow|ONE. |
| 22 | +* Enable your users to be automatically signed-in to dominKnow|ONE with their Azure AD accounts. |
| 23 | +* Manage your accounts in one central location - the Azure portal. |
| 24 | + |
| 25 | +## Prerequisites |
| 26 | + |
| 27 | +To get started, you need the following items: |
| 28 | + |
| 29 | +* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). |
| 30 | +* dominKnow|ONE single sign-on (SSO) enabled subscription. |
| 31 | +* Along with Cloud Application Administrator, Application Administrator can also add or manage applications in Azure AD. |
| 32 | +For more information, see [Azure built-in roles](../roles/permissions-reference.md). |
| 33 | + |
| 34 | +## Scenario description |
| 35 | + |
| 36 | +In this tutorial, you configure and test Azure AD SSO in a test environment. |
| 37 | + |
| 38 | +* dominKnow|ONE supports **SP** initiated SSO. |
| 39 | + |
| 40 | +## Add dominKnow|ONE from the gallery |
| 41 | + |
| 42 | +To configure the integration of dominKnow|ONE into Azure AD, you need to add dominKnow|ONE from the gallery to your list of managed SaaS apps. |
| 43 | + |
| 44 | +1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. |
| 45 | +1. On the left navigation pane, select the **Azure Active Directory** service. |
| 46 | +1. Navigate to **Enterprise Applications** and then select **All Applications**. |
| 47 | +1. To add new application, select **New application**. |
| 48 | +1. In the **Add from the gallery** section, type **dominKnow|ONE** in the search box. |
| 49 | +1. Select **dominKnow|ONE** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. |
| 50 | + |
| 51 | +## Configure and test Azure AD SSO for dominKnow|ONE |
| 52 | + |
| 53 | +Configure and test Azure AD SSO with dominKnow|ONE using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in dominKnow|ONE. |
| 54 | + |
| 55 | +To configure and test Azure AD SSO with dominKnow|ONE, perform the following steps: |
| 56 | + |
| 57 | +1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. |
| 58 | + 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. |
| 59 | + 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on. |
| 60 | +1. **[Configure dominKnowONE SSO](#configure-dominknowone-sso)** - to configure the single sign-on settings on application side. |
| 61 | + 1. **[Create dominKnowONE test user](#create-dominknowone-test-user)** - to have a counterpart of B.Simon in dominKnow|ONE that is linked to the Azure AD representation of user. |
| 62 | +1. **[Test SSO](#test-sso)** - to verify whether the configuration works. |
| 63 | + |
| 64 | +## Configure Azure AD SSO |
| 65 | + |
| 66 | +Follow these steps to enable Azure AD SSO in the Azure portal. |
| 67 | + |
| 68 | +1. In the Azure portal, on the **dominKnow|ONE** application integration page, find the **Manage** section and select **single sign-on**. |
| 69 | +1. On the **Select a single sign-on method** page, select **SAML**. |
| 70 | +1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings. |
| 71 | + |
| 72 | +  |
| 73 | + |
| 74 | +1. On the **Basic SAML Configuration** section, perform the following steps: |
| 75 | + |
| 76 | + a. In the **Identifier** textbox, type a URL using the following pattern: |
| 77 | + `https://<customer>.authr.it/SAML/dominKnowONE<customer>` |
| 78 | + |
| 79 | + b. In the **Reply URL** textbox, type a URL using the following pattern: |
| 80 | + `https://<customer>.authr.it` |
| 81 | + |
| 82 | + c. In the **Sign on URL** text box, type a URL using the following pattern: |
| 83 | + `https://<customer>.authr.it` |
| 84 | + |
| 85 | + > [!Note] |
| 86 | + > These values are not real. Update these values with the actual Identifier, Reply URL and Sign on URL. Contact [dominKnow|ONE support team](mailto:[email protected]) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal. |
| 87 | +
|
| 88 | +1. Your dominKnow|ONE application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows an example for this. The default value of **Unique User Identifier** is **user.userprincipalname** but dominKnow|ONE expects this to be mapped with the user's email address. For that you can use **user.mail** attribute from the list or use the appropriate attribute value based on your organization configuration. |
| 89 | + |
| 90 | +  |
| 91 | + |
| 92 | +1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer. |
| 93 | + |
| 94 | +  |
| 95 | + |
| 96 | +1. On the **Set up dominKnow|ONE** section, copy the appropriate URL(s) based on your requirement. |
| 97 | + |
| 98 | +  |
| 99 | + |
| 100 | +### Create an Azure AD test user |
| 101 | + |
| 102 | +In this section, you'll create a test user in the Azure portal called B.Simon. |
| 103 | + |
| 104 | +1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**. |
| 105 | +1. Select **New user** at the top of the screen. |
| 106 | +1. In the **User** properties, follow these steps: |
| 107 | + 1. In the **Name** field, enter `B.Simon`. |
| 108 | + 1. In the **User name ** field, enter the [email protected]. For example, `[email protected]`. |
| 109 | + 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box. |
| 110 | + 1. Click **Create**. |
| 111 | + |
| 112 | +### Assign the Azure AD test user |
| 113 | + |
| 114 | +In this section, you'll enable B.Simon to use Azure single sign-on by granting access to dominKnow|ONE. |
| 115 | + |
| 116 | +1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. |
| 117 | +1. In the applications list, select **dominKnow|ONE**. |
| 118 | +1. In the app's overview page, find the **Manage** section and select **Users and groups**. |
| 119 | +1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog. |
| 120 | +1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. |
| 121 | +1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected. |
| 122 | +1. In the **Add Assignment** dialog, click the **Assign** button. |
| 123 | + |
| 124 | +## Configure dominKnowONE SSO |
| 125 | + |
| 126 | +To configure single sign-on on **dominKnow|ONE ** side, you need to send the downloaded **Federation Metadata XML ** and appropriate copied URLs from Azure portal to [dominKnow|ONE support team ](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides. |
| 127 | + |
| 128 | +### Create dominKnowONE test user |
| 129 | + |
| 130 | +In this section, you create a user called Britta Simon in dominKnow|ONE. Work with [dominKnow|ONE support team ](mailto:[email protected]) to add the users in the dominKnow|ONE platform. Users must be created and activated before you use single sign-on. |
| 131 | + |
| 132 | +## Test SSO |
| 133 | + |
| 134 | +In this section, you test your Azure AD single sign-on configuration with following options. |
| 135 | + |
| 136 | +* Click on **Test this application** in Azure portal. This will redirect to dominKnow|ONE Sign-on URL where you can initiate the login flow. |
| 137 | + |
| 138 | +* Go to dominKnow|ONE Sign-on URL directly and initiate the login flow from there. |
| 139 | + |
| 140 | +* You can use Microsoft My Apps. When you click the dominKnow|ONE tile in the My Apps, this will redirect to dominKnow|ONE Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md). |
| 141 | + |
| 142 | +## Next steps |
| 143 | + |
| 144 | +Once you configure dominKnow|ONE you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad). |
0 commit comments