{"_id":"5953e175c356e9001b1250c8","project":"55d535ca988e130d000b3f5c","version":{"_id":"55d535cb988e130d000b3f5f","__v":12,"project":"55d535ca988e130d000b3f5c","hasDoc":true,"hasReference":false,"createdAt":"2015-08-20T02:04:59.052Z","releaseDate":"2015-08-20T02:04:59.052Z","categories":["55d535cc988e130d000b3f60","55d6b238d2a8eb1900109eef","55d6b4f3250d7d0d004274cd","55d7967960fc730d00fc2852","55da9804e835f20d009fc5d0","55e75b1de06f4b190080dbfd","55e75b39e06f4b190080dbfe","55e75b7ae06f4b190080dbff","564f5a4e33082f0d001bb709","570fb64aa38d470e0060cbff","586d0dd89a854123001acd65","586d0e3b9a854123001acd66"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"55e75b7ae06f4b190080dbff","__v":10,"project":"55d535ca988e130d000b3f5c","version":"55d535cb988e130d000b3f5f","pages":["5637e17197666c0d008656a5","569591a4fcb1032d0089e037","569622eafe18811700c9c19b","5696c9588560a60d00e2c1e0","569709ca0b09a41900b2442b","5697129ac8ded91700307b77","5697190a59a6692d003fad6a","5697192969393517000c8280","569f11908f6d4b0d00f13bb2","56a0030b5b981c2b00383df0"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-02T20:26:34.258Z","from_sync":false,"order":4,"slug":"frame-platform","title":"Frame Platform"},"user":"56461e119f3f550d00fa3da2","__v":0,"parentDoc":null,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2017-06-28T17:03:49.618Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":21,"body":"## Introduction\n\nIntegrating Azure AD Single Sign On (SSO) with a Frame Launchpad is a quick and easy process.\n\nIf you would like to integrate using the FrameAPP API, much of this is the same, but you will want to talk to your Frame Account Manager to discuss integration options.\n\nThere are four things we are going to cut and paste from one system to the other.\n\n+ The Frame **Custom Authentication Name**. This is a name you pick when you create the custom authentication (see below).\n+ The Frame **Team URL** for the Frame account you want users to access.\n+ The Azure AD **Federation Metadata Document URL**. This is a URL where Azure AD keeps the SAML Metadata for your Azure tenant.\n+ The Azure AD **Application ID** for your Azure AD application.\n\nFollowing the steps below, you can find these values and copy them from Azure AD to Frame and from Frame to Azure AD. This process should take less than fifteen minutes.\n\nFirst, make sure that you have a Platform Ultimate, sometimes called a \"Super Admin,\" account with Custom Authentication enabled. You can tell if it is enabled if you see the \"Custom Authentications\" section in the Account menu for your Platform Ultimate account. If it is not enabled or you aren't sure, contact your Frame Account Manager and ask about Custom Authentication.\n\n## Step One: Create The Custom Authentication\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/b1b17a7-image17.png\",\n        \"image17.png\",\n        635,\n        454,\n        \"#dbe1e1\"\n      ],\n      \"caption\": \"\"\n    }\n  ]\n}\n[/block]\nYou will find the Custom Authentications option under the Account Menu for your Platform Ultimate account\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/4bfd841-image14.png\",\n        \"image14.png\",\n        613,\n        216,\n        \"#649b7d\"\n      ]\n    }\n  ]\n}\n[/block]\nThe section you want is near the bottom of the page. Click \"Add New\"\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/90c932c-image9.png\",\n        \"image9.png\",\n        744,\n        812,\n        \"#e4e8e7\"\n      ]\n    }\n  ]\n}\n[/block]\nCreate a unique Custom Authentication name. The name should be something no one else will use and and it should be a valid hostname. This means it should be lower case, and have only letters, numbers, and the dash symbol, no spaces or punctuation are allowed. Select the account or accounts where users from this directory should be able to login.\n\nClick \"Add\"\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/eb3020a-image16.png\",\n        \"image16.png\",\n        1663,\n        741,\n        \"#395b77\"\n      ]\n    }\n  ]\n}\n[/block]\nWe will also want the Team URL from the account you want Users to access. You can find the team url Team URL by impersonating the account and looking in the location bar of your browser. In this example the Team URL is https://bill-2017-05-10-1.fra.me\n\nThat's all we need from Frame. Now let's gather what we need from Azure AD.\n\n## Step 2: Setup Azure AD\n\nTo connect Frame to Azure AD for Single Sign On (SSO) we will need to register an Azure Application and collect three pieces of information about that Azure Application.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/1dbb44c-image10.png\",\n        \"image10.png\",\n        937,\n        173,\n        \"#222425\"\n      ]\n    }\n  ]\n}\n[/block]\nLogin to your Azure account.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/032c2c2-image6.png\",\n        \"image6.png\",\n        1033,\n        888,\n        \"#2b2c34\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect Azure Active Directory.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/3f3adb2-image12.png\",\n        \"image12.png\",\n        485,\n        509,\n        \"#d0d2d6\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect App Registrations\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/84f0aa9-image19.png\",\n        \"image19.png\",\n        796,\n        405,\n        \"#2b2b33\"\n      ]\n    }\n  ]\n}\n[/block]\nClick Add\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/4acbfc0-image13.png\",\n        \"image13.png\",\n        624,\n        421,\n        \"#25343c\"\n      ]\n    }\n  ]\n}\n[/block]\nEnter the application name. In this case we will use \"Frame\"\n\nSelect Web app / API\n\nFor Sign-on URL enter the following\n\nhttps://img.mainframe2.com/login/?account_type=[CUSTOM_AUTHENTICATION_NAME]&return_url=https://[TEAM_URL].fra.me/custom_auth_return\n\nIn our example this would be\n\nhttps://img.mainframe2.com/login/?account_type=mycompany-azuread&return_url=https://bill-2017-05-10-1.fra.me/custom_auth_return\n\nClick the \"Create\" Button \n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/745cdc4-image1.png\",\n        \"image1.png\",\n        697,\n        398,\n        \"#cacaca\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect the App you've just created\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/ac8dd6b-image11.png\",\n        \"image11.png\",\n        960,\n        417,\n        \"#d4dfe4\"\n      ]\n    }\n  ]\n}\n[/block]\nCopy the Application ID. Save this. You will use this later.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/062f611-image5.png\",\n        \"image5.png\",\n        1048,\n        392,\n        \"#30708f\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect Properties\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/d475e2b-image2.png\",\n        \"image2.png\",\n        421,\n        858,\n        \"#d0d2d3\"\n      ],\n      \"sizing\": \"smart\"\n    }\n  ]\n}\n[/block]\n**Name** should be the name you provided earlier. In this case Frame\n\n**Home Page URL** should already be the same as the Sign-on URL you entered before, and will look like: https://img.mainframe2.com/login/?account_type=[CUSTOM_AUTHENTICATION_NAME]&return_url=https://[TEAM_URL].fra.me/custom_auth_return\n\nSet Logout URL to: https://img.mainframe2.com/saml2/slo/[CUSTOM_AUTHENTICATION_NAME]/\n\nfor our example, this would be:  https://img.mainframe2.com/saml2/slo/mycompany-azuread/\n\n(note the ending slash \"/\")\n\nLeave the other fields at their default values.\n\nClick the Save icon\n\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/186fc6f-image15.png\",\n        \"image15.png\",\n        352,\n        458,\n        \"#2c2c34\"\n      ]\n    }\n  ]\n}\n[/block]\nSelect Reply URLS\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/5b2e199-image4.png\",\n        \"image4.png\",\n        1055,\n        257,\n        \"#bee2ee\"\n      ]\n    }\n  ]\n}\n[/block]\nYou should already see same Sign-on URL you entered earlier here.\n\nIn the next blank field add a \"done\" url using the custom authentication name you created previously.\n\nhttps://img.mainframe2.com/saml2/done/[CUSTOM_AUTHENTICATION_NAME]/\n\nIn our example it would be: \n\nhttps://img.mainframe2.com/saml2/done/mycompany-azuread/\n\nClick Save\n\n\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/58e9e79-image8.png\",\n        \"image8.png\",\n        1012,\n        331,\n        \"#252f2e\"\n      ]\n    }\n  ]\n}\n[/block]\nIn the App Registrations Pane, click \"Endpoints\"\n\n\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/d82a703-image7.png\",\n        \"image7.png\",\n        578,\n        276,\n        \"#d4d6d6\"\n      ]\n    }\n  ]\n}\n[/block]\nClick the \"Copy\" icon beside Federation Metadata Document and save this for later. You will be providing this to Frame.\n\n\nGo back to Frame. Go to your Platform Ultimate Account menu.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/d211224-image18.png\",\n        \"image18.png\",\n        1498,\n        460,\n        \"#f1f5f5\"\n      ]\n    }\n  ]\n}\n[/block]\n  Edit the Custom Authentication you created earlier.\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/2acb20c-disable_signed_response.PNG\",\n        \"disable_signed_response.PNG\",\n        651,\n        778,\n        \"#e3e7e7\"\n      ]\n    }\n  ]\n}\n[/block]\nPaste the Federation Metadata Document URL into the Customer Metatdata URL field.\nPaste the Application ID into the Entity ID (Application ID) field.\nUncheck \"Signed SAML2 Response\"\nClick \"Save Changes\"\n\n## Using the New Custom Authentication\n\nUsers will now be able to authenticate using the Sign-on URL \n\nhttps://img.mainframe2.com/login/?account_type=[CUSTOM_AUTHENTICATION_NAME]&return_url=https://[TEAM_URL].fra.me/custom_auth_return\n\nFor our example this would be:\n\nhttps://img.mainframe2.com/login/?account_type=mycompany-azuread&return_url=https://bill-2017-05-10-1.fra.me/custom_auth_return","excerpt":"","slug":"connecting-a-custom-authentication-to-azure-ad","type":"basic","title":"Integrating with Azure AD"}

Integrating with Azure AD


## Introduction Integrating Azure AD Single Sign On (SSO) with a Frame Launchpad is a quick and easy process. If you would like to integrate using the FrameAPP API, much of this is the same, but you will want to talk to your Frame Account Manager to discuss integration options. There are four things we are going to cut and paste from one system to the other. + The Frame **Custom Authentication Name**. This is a name you pick when you create the custom authentication (see below). + The Frame **Team URL** for the Frame account you want users to access. + The Azure AD **Federation Metadata Document URL**. This is a URL where Azure AD keeps the SAML Metadata for your Azure tenant. + The Azure AD **Application ID** for your Azure AD application. Following the steps below, you can find these values and copy them from Azure AD to Frame and from Frame to Azure AD. This process should take less than fifteen minutes. First, make sure that you have a Platform Ultimate, sometimes called a "Super Admin," account with Custom Authentication enabled. You can tell if it is enabled if you see the "Custom Authentications" section in the Account menu for your Platform Ultimate account. If it is not enabled or you aren't sure, contact your Frame Account Manager and ask about Custom Authentication. ## Step One: Create The Custom Authentication [block:image] { "images": [ { "image": [ "https://files.readme.io/b1b17a7-image17.png", "image17.png", 635, 454, "#dbe1e1" ], "caption": "" } ] } [/block] You will find the Custom Authentications option under the Account Menu for your Platform Ultimate account [block:image] { "images": [ { "image": [ "https://files.readme.io/4bfd841-image14.png", "image14.png", 613, 216, "#649b7d" ] } ] } [/block] The section you want is near the bottom of the page. Click "Add New" [block:image] { "images": [ { "image": [ "https://files.readme.io/90c932c-image9.png", "image9.png", 744, 812, "#e4e8e7" ] } ] } [/block] Create a unique Custom Authentication name. The name should be something no one else will use and and it should be a valid hostname. This means it should be lower case, and have only letters, numbers, and the dash symbol, no spaces or punctuation are allowed. Select the account or accounts where users from this directory should be able to login. Click "Add" [block:image] { "images": [ { "image": [ "https://files.readme.io/eb3020a-image16.png", "image16.png", 1663, 741, "#395b77" ] } ] } [/block] We will also want the Team URL from the account you want Users to access. You can find the team url Team URL by impersonating the account and looking in the location bar of your browser. In this example the Team URL is https://bill-2017-05-10-1.fra.me That's all we need from Frame. Now let's gather what we need from Azure AD. ## Step 2: Setup Azure AD To connect Frame to Azure AD for Single Sign On (SSO) we will need to register an Azure Application and collect three pieces of information about that Azure Application. [block:image] { "images": [ { "image": [ "https://files.readme.io/1dbb44c-image10.png", "image10.png", 937, 173, "#222425" ] } ] } [/block] Login to your Azure account. [block:image] { "images": [ { "image": [ "https://files.readme.io/032c2c2-image6.png", "image6.png", 1033, 888, "#2b2c34" ] } ] } [/block] Select Azure Active Directory. [block:image] { "images": [ { "image": [ "https://files.readme.io/3f3adb2-image12.png", "image12.png", 485, 509, "#d0d2d6" ] } ] } [/block] Select App Registrations [block:image] { "images": [ { "image": [ "https://files.readme.io/84f0aa9-image19.png", "image19.png", 796, 405, "#2b2b33" ] } ] } [/block] Click Add [block:image] { "images": [ { "image": [ "https://files.readme.io/4acbfc0-image13.png", "image13.png", 624, 421, "#25343c" ] } ] } [/block] Enter the application name. In this case we will use "Frame" Select Web app / API For Sign-on URL enter the following https://img.mainframe2.com/login/?account_type=[CUSTOM_AUTHENTICATION_NAME]&return_url=https://[TEAM_URL].fra.me/custom_auth_return In our example this would be https://img.mainframe2.com/login/?account_type=mycompany-azuread&return_url=https://bill-2017-05-10-1.fra.me/custom_auth_return Click the "Create" Button [block:image] { "images": [ { "image": [ "https://files.readme.io/745cdc4-image1.png", "image1.png", 697, 398, "#cacaca" ] } ] } [/block] Select the App you've just created [block:image] { "images": [ { "image": [ "https://files.readme.io/ac8dd6b-image11.png", "image11.png", 960, 417, "#d4dfe4" ] } ] } [/block] Copy the Application ID. Save this. You will use this later. [block:image] { "images": [ { "image": [ "https://files.readme.io/062f611-image5.png", "image5.png", 1048, 392, "#30708f" ] } ] } [/block] Select Properties [block:image] { "images": [ { "image": [ "https://files.readme.io/d475e2b-image2.png", "image2.png", 421, 858, "#d0d2d3" ], "sizing": "smart" } ] } [/block] **Name** should be the name you provided earlier. In this case Frame **Home Page URL** should already be the same as the Sign-on URL you entered before, and will look like: https://img.mainframe2.com/login/?account_type=[CUSTOM_AUTHENTICATION_NAME]&return_url=https://[TEAM_URL].fra.me/custom_auth_return Set Logout URL to: https://img.mainframe2.com/saml2/slo/[CUSTOM_AUTHENTICATION_NAME]/ for our example, this would be: https://img.mainframe2.com/saml2/slo/mycompany-azuread/ (note the ending slash "/") Leave the other fields at their default values. Click the Save icon [block:image] { "images": [ { "image": [ "https://files.readme.io/186fc6f-image15.png", "image15.png", 352, 458, "#2c2c34" ] } ] } [/block] Select Reply URLS [block:image] { "images": [ { "image": [ "https://files.readme.io/5b2e199-image4.png", "image4.png", 1055, 257, "#bee2ee" ] } ] } [/block] You should already see same Sign-on URL you entered earlier here. In the next blank field add a "done" url using the custom authentication name you created previously. https://img.mainframe2.com/saml2/done/[CUSTOM_AUTHENTICATION_NAME]/ In our example it would be: https://img.mainframe2.com/saml2/done/mycompany-azuread/ Click Save [block:image] { "images": [ { "image": [ "https://files.readme.io/58e9e79-image8.png", "image8.png", 1012, 331, "#252f2e" ] } ] } [/block] In the App Registrations Pane, click "Endpoints" [block:image] { "images": [ { "image": [ "https://files.readme.io/d82a703-image7.png", "image7.png", 578, 276, "#d4d6d6" ] } ] } [/block] Click the "Copy" icon beside Federation Metadata Document and save this for later. You will be providing this to Frame. Go back to Frame. Go to your Platform Ultimate Account menu. [block:image] { "images": [ { "image": [ "https://files.readme.io/d211224-image18.png", "image18.png", 1498, 460, "#f1f5f5" ] } ] } [/block] Edit the Custom Authentication you created earlier. [block:image] { "images": [ { "image": [ "https://files.readme.io/2acb20c-disable_signed_response.PNG", "disable_signed_response.PNG", 651, 778, "#e3e7e7" ] } ] } [/block] Paste the Federation Metadata Document URL into the Customer Metatdata URL field. Paste the Application ID into the Entity ID (Application ID) field. Uncheck "Signed SAML2 Response" Click "Save Changes" ## Using the New Custom Authentication Users will now be able to authenticate using the Sign-on URL https://img.mainframe2.com/login/?account_type=[CUSTOM_AUTHENTICATION_NAME]&return_url=https://[TEAM_URL].fra.me/custom_auth_return For our example this would be: https://img.mainframe2.com/login/?account_type=mycompany-azuread&return_url=https://bill-2017-05-10-1.fra.me/custom_auth_return