This article provides the steps to set up Microsoft Azure Active Directory Federation Services (ADFS) Single Sign-On (SSO) for the Admin Console and the Storefront.
Create a New Application Registration in Microsoft Azure
- Navigate to Azure Active Directory > App registrations in the Microsoft Azure portal. Click New application registration.
- Enter a Name and the Sign-on URL, then click Create.
- Click Settings. Click Properties and update the App ID URI on the Properties panel, which must match the app setting IdentityServerUrl in the appSettings.config file. Click Save on the Properties panel.
- Click Reply URLs in the Settings panel. Update the URL to the IdentityServerUrl and add /wsa to the end.
- Return to App registrations and click Endpoints. Copy the FEDERATION METADATA DOCUMENT endpoint value.
Configure Windows SSO Settings in the Admin Console
- Sign in to the Epi B2B Commerce Admin Console as either an ISC_Admin or ISC_System user.
- Navigate to Administration > Settings. Select the Site Configurations finger tab and scroll down to the Windows SSO section.
- Click the Allow Sign in With Windows Account toggle to change it to YES, click the Use Windows Sign In on Admin Console toggle to change it to YES, then paste the FEDERATION METADATA DOCUMENT endpoint value in the Windows Metadata URL field. Click Save.
- Navigate to Administration > Single Sign On.
- Update the isc_admin_ext client by setting the Redirect Urls to the IdentityServerUrl and add /adminexternalcallback to the end.
Do you find this information helpful? Please log in to provide feedback.
Last updated: Dec 11, 2020