An Azure AD integration enables your users to be automatically signed in to the MCS Administration Portal with their Microsoft Azure AD accounts.
Configuration
Prerequisites
- The client must have an Azure AD subscription.
Implementation
Azure setup
- Create an Enterprise Application integrating with any other application.
Once created, add Single sign-on as SAML.
Once selected, add the following:
- Identifier (Entity ID) – wlspssolive
- Reply URL (Assertion Consumer Service URL) – we will confirm which one of the following to use:
https://iweb.itouchvision.com/saml2/sp/acs/post
https://itouchvision.app/saml2/sp/acs/post
Once completed, send the Federation Metadata XML from the point below back to us.
We will then use this file to complete the set-up.
Users and Groups
We recommend that you set up and assign Users and Groups for this application as per your organisation’s policy.
On initial set-up within the MCS Application, we will configure a User Access group named ‘AZURE Single Sign on’. By default, any MCS Users created through this integration will be assigned to that group.
Further Testing
Once we have completed the configuration, we will hand over to you for final testing.
Ideally, you would provide us with a Test User, for testing purposes only, to validate that the SAML process works as expected.
How this works with the User logging in
When the integration is in place, a User will not need to log into MCS with their account credentials. To access the platform, they will only need to click on the ‘LiveID’ icon presented at the login screen.
Once a User has logged in successfully by clicking the ‘LiveID’ icon, their account is ‘SSO enabled’.
If they are already an AD user but do not have an MCS Account, an MCS User account will be created once the User clicks the LiveID link, and they can log in from this point. They will, by default, be added to the ‘Azure Single Sign on’ group which has been configured on your system.
If a User already has an MCS Account, clicking the LiveID link will enable them to sign in using their AD Account.
If a User logs into the platform by entering their MCS user account and details, this will disable the ability to log in using the LiveID link, and their ‘SSO’ status is disabled. This can be re-enabled through our support team.
It is recommended that a User does not use the ‘Forgot Password’ link on the MCS login prompt to reset their AD password as resetting this password will disable the ‘SSO’ status.