Area: Optimizely B2B Commerce

Set up Microsoft Azure SSO

This article provides the steps to set up Microsoft Azure Active Directory Federation Services (ADFS) Single Sign-On (SSO) for the Admin Console and the storefront.

Create a New Application Registration in Microsoft Azure

  1. Navigate to Azure Active Directory > App registrations in the Microsoft Azure portal. Click New application registration.

  2. Enter a Name and the Sign-on URL, then click Create.

  3. Click Settings. Click Properties and update the App ID URI on the Properties panel to https://www.b2bcommercesite/identity. Click Save on the Properties panel.

  4. Click Reply URLs in the Settings panel. Update the URL to https://www.b2bcommercesite/identity.

  5. Return to App registrations and click Endpoints. Copy the FEDERATION METADATA DOCUMENT endpoint value.

    Enable Windows SSO

    1. Navigate to Administration > System > Settings in the Admin Console.

    2. Search for Allow Sign in With Windows Account.

    3. Set the Allow Sign in With Windows Account toggle to YES. If Yes, a Windows button will appear on the sign in page. Default value: No.

    4. Enter a Caption. This is the caption to show on the Windows button. Default value: Windows.
    5. Set the Use Windows Sign In on Storefront toggle to YES, if you want to enable this. If Yes, a Windows button will appear on the storefront sign in page. Default value: No.

    6. Set the Use Windows Sign In on Admin Console to YES, if you want to enable this. If Yes, a Windows button will appear on the Admin Console sign in page. Default value: Yes.

    7. Enter your Windows Metadata URL. This is the address used to retrieve the WsFederation metadata.

    8. Click Save.

    Note: If you plan on using SSO for the Admin Console and you do not wish to automatically assign any permissions, you should update the Assign A/C User Role with SSO setting to NO. New Admin Console users will then require an existing user to set their roles up manually. Default value: Yes.

    Configure the SSO Clients

      1. Navigate to Administration > Permissions > Single Sign On in the Admin Console.
      2. If you want to use Windows for the storefront, click Edit for the ext client.

        1. Enter your website URLs in the Redirect Uris field (a comma-separated list of redirect URIs). These have to use the path /identity/externalcallback, for example https://www.b2bcommercesite1.com/identity/externalcallback,https://www.b2bcommercesite2.com/identity/externalcallback, etc.

        2. Click Save.
      3. If you want to use Windows for the Admin Console, click Edit for the isc_admin_ext client.

        1. Enter your website URLs in the Redirect Uris field (a comma-separated list of redirect URIs). These have to use the path /identity/adminexternalcallback, for example https://www.b2bcommercesite1.com/identity/adminexternalcallback,https://www.b2bcommercesite2.com/identity/adminexternalcallback, etc.

        2. Click Save. 
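The Redirect Uris values for the ext and isc_admin_ext clients can be checked before they are pasted into the Admin Console. The script below is an added example, not part of the original article or of Optimizely's code: the function name and sample values are hypothetical, and the https-only, no-wildcard, no-query and no-duplicate rules are hardening assumptions on top of the path requirement stated above.

```python
from urllib.parse import urlsplit

# Required callback path per SSO client, as stated in the steps above.
REQUIRED_PATH = {
    "ext": "/identity/externalcallback",
    "isc_admin_ext": "/identity/adminexternalcallback",
}

def check_redirect_uris(client, value):
    """Return (uri, problem) tuples for a comma-separated Redirect Uris value.

    An empty list means every entry passed. Hypothetical helper, not a product API.
    """
    required = REQUIRED_PATH[client]
    problems = []
    seen = set()
    for uri in (entry.strip() for entry in value.split(",")):
        if not uri:
            problems.append((uri, "empty entry (stray comma)"))
            continue
        parts = urlsplit(uri)
        if parts.scheme != "https":
            problems.append((uri, "scheme is not https"))
        if not parts.hostname or "*" in parts.netloc:
            problems.append((uri, "missing or wildcard host"))
        if parts.username or parts.password:
            problems.append((uri, "userinfo in URI"))
        if parts.path != required:
            problems.append((uri, f"path must be exactly {required}"))
        if parts.query or parts.fragment:
            problems.append((uri, "query string or fragment present"))
        if uri.lower() in seen:
            problems.append((uri, "duplicate entry"))
        seen.add(uri.lower())
    return problems

# Constructed sample values; hosts follow the article's placeholder sites.
GOOD_EXT = ("https://www.b2bcommercesite1.com/identity/externalcallback,"
            "https://www.b2bcommercesite2.com/identity/externalcallback")
BAD_ADMIN = ("http://www.b2bcommercesite1.com/identity/adminexternalcallback,"
             "https://www.b2bcommercesite2.com/identity/externalcallback,"
             "https://*.b2bcommercesite.com/identity/adminexternalcallback/")

if __name__ == "__main__":
    for client, value in (("ext", GOOD_EXT), ("isc_admin_ext", BAD_ADMIN)):
        for uri, problem in check_redirect_uris(client, value) or [("-", "ok")]:
            print(f"{client}: {uri}: {problem}")
```

The second sample shows the mistake most likely to slip through review: a storefront callback path entered on the Admin Console client.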

    Last updated: Dec 11, 2020
