To set up Single Sign On using Carousel and Azure AD, you'll need administrator access in both systems and two browser windows open. Ensure you have access to Azure AD Premium, then follow these steps and you'll be all set.
1. Log into Carousel in one browser window and navigate to Settings > Users > Single Sign On
Click the 'New Identity Provider' button.
2. Log into Azure AD in the other browser window and navigate to Identity → Azure Active Directory → Enterprise Applications
Click 'New Application'.
3. Choose a Non-Gallery application, give it a name and click 'add'
4. Choose Users and Groups and add users to the application. Any users you add here will have access to the Carousel application. Initially in Carousel they will have no access rights. You can either add access rights after they log in, or you can create a user with their email address in advance. After logging in with SSO that user will be provisioned as the SSO user.
Select 'Single Sign On' and choose 'SAML' as the method.
5. Use this information from the Carousel window...
6. ...to fill in this information in Azure.
- ACS Route → Reply URL (Assertion Consumer Service URL)
- Entity ID → Identifier (Entity ID)
- https://your_carousel_server/Frontdoor/Login.aspx → Sign On Url
8. Download the Base64 encoded Certificate file, open it in a text editor and copy the contents, then use it and the information found in this section...
9. ...to populate the fields in Carousel seen here.
- Name of your choosing
- Login URL → Sign On Url
- Azure AD Identifier → Identity Issuer Id
- Text of the X.509 Certificate → x509 Certificate
- Login with SSO only can be turned on or off, based on your own preferences.
- Optional logo file (use a png with transparency)
13. Finally, log out of Carousel and then test the integration and make sure you can log in with Azure.
Congratulations! You can now use Azure Single Sign On to log into your Carousel server.
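The certificate text copied in step 8 is easy to damage in a text editor, so as an added example (not part of Carousel's or Microsoft's documentation) this Python script checks the text before it is pasted into Carousel and computes thumbprints to compare with the Thumbprint value Azure shows for the SAML signing certificate. The sample bytes are constructed placeholders, not a real certificate, and the function names are illustrative.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder bytes with a valid outer DER header, NOT a real
# certificate: SEQUENCE tag 0x30, long-form length 0x012C (300), 300 bytes.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(range(256)) + bytes(44)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")


def pem_to_der(text: str) -> bytes:
    """Decode pasted certificate text, rejecting mangled or truncated input."""
    blocks = PEM_RE.findall(text)
    if len(blocks) > 1:
        raise ValueError("more than one certificate in the pasted text")
    # Accept a bare Base64 body too, in case the marker lines were left out.
    body = blocks[0] if blocks else text
    if "-----" in body:
        raise ValueError("incomplete BEGIN/END CERTIFICATE markers")
    body = "".join(body.split())  # editors may re-wrap lines or add CRLF
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from None
    # The outer DER SEQUENCE states its own length; a cut-off paste disagrees.
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        raise ValueError("not a definite-length DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("length mismatch: text is truncated or has extra data")
    return der


def thumbprints(text: str) -> dict:
    """Return upper-case hex SHA-1 and SHA-256 digests of the DER bytes."""
    der = pem_to_der(text)
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


if __name__ == "__main__":
    print(thumbprints(SAMPLE_PEM))
```

To check a real certificate, pass the text of the downloaded file to `thumbprints()` in place of `SAMPLE_PEM`.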