====== SSO implementation in zebrix with Azure AD (Office 365) ======
===== Save zebrix metadata in a file =====
  - Surf on https://auth.zebrix.net/metadata
  - Right click and save the file to a file with .xml extension
{{:en:azure_ad_sso_02.jpg?nolink|}}
===== In the Azure AD admin center, add a new app =====
{{:en:azure_ad_sso_01.jpg?nolink|}}

===== Create a new app using these options and call it "zebrix" or "zebrix CMS"=====
{{:en:azure_ad_sso_03.jpg?nolink|}}

===== zebrix overview =====
{{:en:azure_ad_sso_04.jpg?nolink|}}
==== Choose which groups/users will be allowed to login ====
{{:en:azure_ad_sso_05.jpg?nolink|}}

==== In the "Properties" section, set the zebrix logo ====

Save the following logo file

{{:en:zebrix_rounded_logo.png?direct&200|}}

and upload it in the configuration

{{:en:azure_ad_sso_18.jpg?nolink|}}

==== In the "Single Sign-on" section, configure the SSO: choose SAML ====
{{:en:azure_ad_sso_06.jpg?nolink|}}

==== Upload the XML metadata file that has been previously downloaded ====
{{:en:azure_ad_sso_07.jpg?nolink|}}

==== Add a "Sign On URL" and save the basic SAML configuration ====
Some fields will be prefilled thanks to the imported .XML file, but the "Sign On URL" needs to be filled manually.
Please specify the following URL: **https://cms.zebrix.net/cn/<color #ed1c24>customername</color>** (please replace **customername** with your actual customer name on zebrix)

{{:en:azure_ad_sso_17.jpg?nolink|}}

==== Skip SSO login test ====
{{:en:azure_ad_sso_09.jpg?nolink|}}

==== Edit User attributes and claims ====
{{:en:azure_ad_sso_10.jpg?nolink|}}

==== Add a new claim ====
{{:en:azure_ad_sso_11.jpg?nolink|}}

{{:en:azure_ad_sso_12.jpg?nolink|}}
  - Use **displayname** as name
  - In the name space field please copy / paste the following namespace **http://schemas.xmlsoap.org/ws/2005/05/identity/claims**
  - In the dropdown list, select the value **user.displayname**
  - Press the **Save** button

===== Copy the "App Federation Metadata URL" and send it to support@zebrix.net =====
{{:en:azure_ad_sso_13.jpg?nolink|}}

===== Our Technical team will implement your settings on zebrix side and activate the SSO on your account =====

===== How to connect to zebrix using SSO? =====
==== Option 1: using the "sign on URL" ====

**https://cms.zebrix.net/cn/<color #ed1c24>customername</color>**

Accessing to this URL will trigger the "Single Sign On" verification process and you'll be either directly logged in to zebrix or you'll be redirected to the Microsoft authentication portal.

You can save this URL in your bookmarks.

==== Option 2: you can use the "zebrix" application shortcut icon in your Office 365 portal ====

{{:en:azure_ad_sso_19.jpg?nolink|}}

===== How to manage SSO users in zebrix? =====

Please have a look to [[https://www.zebrix.net/documentation/doku.php?id=en:sso_implementation#how_to_enable_sso_on_an_existing_zebrix_user|this page]].