diff --git a/USER_GUIDE.md b/USER_GUIDE.md index ab786f4..803b887 100644 --- a/USER_GUIDE.md +++ b/USER_GUIDE.md 
@@ -1,20 +1,55 @@ -# Microsoft ADFS +# SAML SSO -The Microsoft ADFS (Active Directory Federation Services) service is a software for logging in to various services using "single sign-on". This means that you have the possibility to log in to Eliona with your Microsoft account or to access Eliona directly after Windows login without entering your credentials. +## Overview -![Configuration frontend](user_guide/frontend.webp) +The SAML SSO (Security Assertion Markup Language Single Sign-On) app allows users to log into Eliona using various SSO providers, including Microsoft ADFS. This setup streamlines authentication by using a single set of credentials. -To integrate Microsoft ADFS as an app in Eliona, you need to register a new app in your Azure account with the URL of your Eliona system. After registering the app, you will receive all the necessary data to configure ADFS in Eliona: +## Configuration -![Azure app registration](user_guide/azure_app_registration.avif) +![Configuration frontend](user_guide/frontend.webp) -## Configuration +To integrate a generic SAML SSO provider with Eliona, follow these general steps: -1. **MS Log-in**: Activate the log-in button "via Microsoft" by clicking "Active". - ![MS Log-in](user_guide/login.avif) -2. **Metadata URL**: Enter the Metadata URL from your Microsoft Azure account (found under app registration -> Endpoints). - ![Metadata URL](user_guide/metadata.png) +### General SAML SSO Settings + +1. **Enable SAML SSO**: Activate the log-in button "via SAML". +2. **Metadata URL**: Enter the Metadata URL provided by your SAML SSO provider. 3. **Own URL**: Enter your Eliona system URL (e.g., `https://customer.eliona.cloud`). -4. **Private Key**: Enter the private key in PEM format, matching your Azure certificate (found under Certificates & secrets -> Certificate). - ![Private Key](user_guide/certificate.png) -5. **Certificate**: Can be a self-generated certificate. +4. **Private Key**: Enter the private key in PEM format. +5. 
**Certificate**: Enter the certificate, which can be self-generated. + +For detailed configuration steps, refer to your SSO provider's documentation. + +### Microsoft ADFS Settings + +To configure Microsoft ADFS specifically, follow these steps: + + +### Microsoft ADFS Settings + +To configure Microsoft ADFS specifically, follow these steps: + +1. **Register a New App in Azure** + - Go to the [Azure portal](https://portal.azure.com/). + - Navigate to **Azure Active Directory** > **App registrations** > **New registration**. + - Enter your application name and redirect URI (e.g., `https://customer.eliona.cloud`). + - Click **Register**. + ![Azure app registration](user_guide/azure_app_registration.avif) + +2. **Receive Configuration Data** + - After registration, you'll get the necessary data for ADFS configuration in Eliona. + - Note down the Application (client) ID, Directory (tenant) ID, and generate a client secret. + +3. **Configure ADFS Settings in Eliona** + - **MS Log-in**: Activate the log-in button "via Microsoft" by clicking "Active". + ![MS Log-in](user_guide/login.avif) + - **Metadata URL**: Enter the Metadata URL from your Microsoft Azure account (found under app registration -> Endpoints). + ![Metadata URL](user_guide/metadata.png) + - **Own URL**: Enter your Eliona system URL (e.g., `https://customer.eliona.cloud`). + - **Private Key**: Enter the private key in PEM format, matching your Azure certificate (found under Certificates & secrets -> Certificate). + ![Private Key](user_guide/certificate.png) + - **Certificate**: Can be a self-generated certificate. + +For detailed steps on how to register an app in Azure, refer to the official [Microsoft documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app). + +For more information on generating and managing certificates, see the [Azure Key Vault documentation](https://docs.microsoft.com/en-us/azure/key-vault/certificates/).
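Review bot: The added "### Microsoft ADFS Settings" heading and its intro line "To configure Microsoft ADFS specifically, follow these steps:" appear twice in a row in the new text; drop the first copy so the section opens once. In the same section, step 2 tells the reader to note the Application (client) ID and Directory (tenant) ID and to generate a client secret, but none of the fields in step 3 (MS Log-in, Metadata URL, Own URL, Private Key, Certificate) takes those values. Either say where they are entered or remove the instruction, since an unused client secret is a credential the reader would create and then have to store for no documented purpose. The general settings also name the button "via SAML" while step 3 names it "via Microsoft"; state whether these are the same switch.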