
Active Directory (Single sign on)

This section describes how to integrate with Active Directory for single sign-on. After completing the following integration steps:

  • Users can single sign-on to the Offision system
  • A user account is created automatically only when the user first logs in, and user permission will be granted

⚠️ The following settings do not sync all users into the system; each user account is created automatically only when that user first logs in to the system. If you want to pre-load all users into the system first, please refer to Active Directory with LDAP User Synchronization

Network Connectivity

Network connection diagram

  1. Connect from User Web App, Outlook Add-in, Management Console to Offision Server

    • For opening the Offision web apps.
    • Port: TCP 443
  2. Connect from Offision Server to Offision Player

    • For room displays, floor displays, etc. to connect to the servers and receive signals. Offision Server can update data in real time through the https and wss protocols.
    • Port: TCP 443
  3. Connect from Offision Server to SMTP Server

    • For sending email to recipients through the SMTP server.
    • Port: TCP 25, 465, or 587 (depending on the SMTP server settings)
  4. Connect from User Web App, Outlook Add-in, Management Console to the ADFS

    • For user single sign-on with Active Directory Federation Services (ADFS)
    • Port: TCP 443

Integration Steps

Prerequisites
  • Microsoft Active Directory / Azure AD

  1. Configure ADFS / Azure Active Directory. Please follow the ADFS setup guide and the AzureAD setup guide
  2. Open Offision Management Console
  3. Navigate to Settings > External Integration
  4. Click the New external integration + button and select Active Directory (Single sign on)
  5. Fill in the Metadata address and WtRealM
    • For Exchange server
      • In metadata address, fill in the following address: https://{your active directory address}/FederationMetadata/2007-06/FederationMetadata.xml
      • In Wt RealM, fill in the URL of the WS-Federation Passive protocol app configured in Active Directory
    • For Microsoft 365
      • In metadata address, fill in the WS-Federation middleware's MetadataAddress
      • In Wt RealM, fill in the Application ID URI
  6. (Optional) Fill in the Login button name; if the field is left empty, the button shows Login via Active directory
  7. Click the Save button.
  8. Set the redirect URI from the ADFS integration to Azure. Please refer to the ADFS setup guide.
  9. Users can now single sign-on from the login page
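
A pre-flight check for the metadata address step, as an added example that is not part of the Offision documentation: it validates the ADFS (Exchange server) form of the metadata address and reads the issuer, passive sign-in endpoint and signing certificates from a federation metadata document, since those certificates are what a WS-Federation client uses to verify sign-in tokens. The host `adfs.example.test`, the function names and the sample XML are constructed for illustration; the Microsoft 365 metadata address uses a different path, so the path check does not apply to it.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ADFS_PATH = "/FederationMetadata/2007-06/FederationMetadata.xml"  # path from the guide

# Constructed sample, trimmed to the elements a WS-Federation client reads.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://adfs.example.test/adfs/ls/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def check_metadata_address(url):
    """Return a list of problems with an ADFS metadata address (empty = OK)."""
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("metadata must be fetched over https")
    if parts.path != ADFS_PATH:
        problems.append("path is not " + ADFS_PATH)
    return problems

def summarize_metadata(xml_text):
    """Extract issuer, passive sign-in endpoints and signing-cert count."""
    root = ET.fromstring(xml_text)
    endpoints = [a.text.strip() for a in root.findall(
        ".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)]
    certs = root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {
        "issuer": root.get("entityID"),
        "passive_endpoints": endpoints,
        "insecure_endpoints": [e for e in endpoints if not e.startswith("https://")],
        "signing_certs": len(certs),
    }
```

A result with no signing certificates or with any entry in `insecure_endpoints` is worth resolving before saving the integration. When parsing metadata fetched from the network rather than a local copy, use a hardened parser such as `defusedxml`.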

Login via Active directory

How to hide the default login fields and buttons on the login page

The default login fields and buttons let users log in with local system accounts. If you are using the system without any local user accounts, or you do not want users to log in via local accounts, you can hide these fields with the following steps in Management Console:

  1. Navigate to Settings > General
  2. Select Hidden local login in User App
  3. Click the Update button