Tovuti supports several single sign-on providers. This article outlines the steps to set up Azure Active Directory and covers the following concepts:
- Create SSO Record in Tovuti
- Configuring Azure Active Directory
- User Profile Field and Attribute Mapping
- User Group Mapping
- Enable Login Link
Create SSO Record in Tovuti
Go to Configuration > click Single Sign-On > click New
Details tab
In the Details tab, give this provider a Title. It is suggested that the title contains a reference to Azure for easy selection in the future. Select Azure Active Directory in SAML Application.
Click Save.
Configuring Azure Active Directory
In a new window or tab, go to portal.azure.com. Log in to your account.
Select Azure Active Directory.
Select App Registrations > click New Registration
Name this SSO > in the Redirect URI field, paste the ACS (AssertionConsumerService) URL / Single Sign-On URL from the Service Provider Settings tab in Tovuti
Click Register.
Open the newly created SSO in Azure > select Application ID URI
Click Set > copy the Application ID URI > click Save
In Tovuti, click the Service Provider Settings tab and paste in the Application ID URI from Azure. Click Save.
For more information directly from Azure on this process, see the following documentation.
Return to Azure and select Endpoints > find and copy the Federation Metadata document (XML).
Paste this XML link into Import SAML Settings of the Identity Provider Settings tab in Tovuti > click Import > click Update > click Test Configuration.
User Profile Field and Attribute Mapping
After configuring all the settings in Azure, click the User Profile Field Mapping tab in Tovuti.
Enable the desired settings and provide the attributes found in Azure. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs the profile field and attribute information between Tovuti and Azure. The details of the User Profile Field Mapping tab are covered in this Help Center article.
While auto-registering the users on the Tovuti site, these attributes automatically map to Tovuti user details.
User Group Mapping
Go to the User Group Mapping tab.
Enable the desired settings and provide the attributes found in Azure. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs group information between Tovuti and Azure. The details of the User Group Mapping tab are covered in this Help Center article.
While auto-registering, the users are assigned roles based on the group they are mapped to.
At any time, the configuration can be tested in the Identity Provider Settings tab.
It is recommended to run multiple tests over time to ensure everything is working properly.
Enable Login Link
Go to the Details tab > toggle Yes on Add Login Link to Navigation > select the menu where this link will appear and give the link a name
Click Save.