Hi,
I am implementing SSO for Creatio with Azure AD for a trial. Could you please explain the backend process of how authentication works (not the setup process) on the Creatio side?
Thanks in Advance.
Hello Nagaraju,
The backend process is similar to the process described in any official documentation regarding SSO. Once it is set up, two scenarios are possible:
1) JIT is not enabled (you have to create a system user on the Creatio side with the same login credentials as on the ADFS side)
In this case, when you go to the root directory of your Creatio application (in your web browser) with SSO enabled, IIS will check whether you have active sessions (cookies) in the resource you have. If you have cookies, you will be redirected directly to the Creatio interface. If you don't have active cookies, you will be redirected to the ADFS portal specified as the PartnerIdP value of the root Web.Config file. There you need to enter your login credentials, and once done, the request with the inserted parameters will be sent to SingleSignOnServiceUrl. There the authentication check is performed (whether you can log in to the resource specified). ADFS will send a request (if you really can log in to the resource you are trying to reach (the Creatio application)) to the link specified as "Reply URL (Assertion Consumer Service URL)". This request will be received by IIS, and there the authorization check is performed (which sections of the resource you are trying to reach you can access). As a result, you will see the page with the Creatio application in a web browser (schema of the process: http://prntscr.com/q2cckp).
2) JIT is enabled (system user and contact)
The process is similar to the one described above, but once you complete the authentication part on the ADFS portal side, ADFS will transfer information on the authenticated user's attributes and roles to the Creatio application. As a result, a system user and a contact for this system user will be created for the person who tries to log in.
Best regards,
Oscar
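
The flow in the answer above, as an added sketch that is not part of the thread and is not Creatio's code: the checks a service provider makes when the IdP's response arrives at the Assertion Consumer Service URL, followed by the JIT on/off branch. The `consume` function, the user store and every URL are hypothetical, and XML signature verification is assumed to have been done by a SAML library before this point.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; every URL and name is a placeholder.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
  Destination="https://crm.example.test/acs">
 <p:Status><p:StatusCode Value="{SUCCESS}"/></p:Status>
 <a:Assertion>
  <a:Subject><a:NameID>jdoe@example.test</a:NameID></a:Subject>
  <a:Conditions NotOnOrAfter="2030-01-01T00:05:00Z"><a:AudienceRestriction>
   <a:Audience>https://crm.example.test/</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="role">
   <a:AttributeValue>Sales</a:AttributeValue>
  </a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def consume(xml_text, users, *, acs_url, audience, now, jit):
    """Hypothetical ACS handler: return the login name or raise PermissionError.
    Assumes the XML signature was already verified by a SAML library."""
    resp = ET.fromstring(xml_text)  # use a hardened parser for untrusted XML
    if resp.get("Destination") != acs_url:
        raise PermissionError("response not addressed to this ACS URL")
    code = resp.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise PermissionError("IdP did not report success")
    cond = resp.find("a:Assertion/a:Conditions", NS)
    name = resp.findtext("a:Assertion/a:Subject/a:NameID", namespaces=NS)
    if cond is None or not name or not cond.get("NotOnOrAfter"):
        raise PermissionError("assertion lacks subject or validity window")
    expiry = datetime.fromisoformat(cond.get("NotOnOrAfter").replace("Z", "+00:00"))
    if now >= expiry:  # `now` must be a timezone-aware datetime
        raise PermissionError("assertion expired")
    if audience not in [a.text for a in cond.iter(f"{{{NS['a']}}}Audience")]:
        raise PermissionError("assertion issued for another audience")
    if name not in users:
        if not jit:  # scenario 1: the system user must already exist
            raise PermissionError("no matching system user and JIT is off")
        roles = [v.text for v in resp.iter(f"{{{NS['a']}}}AttributeValue")]
        users[name] = {"contact": name, "roles": roles}  # scenario 2: JIT
    return name
```

With JIT on, the roles and attributes in the assertion decide what the new account can do, so the audience, expiry and signature checks are the only thing between an IdP response and a provisioned user.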