Articles in this section
Authenticate Emails with SPF, DKIM, and SenderID Auto-forwarding your emails to Vtiger Automate Outgoing Emails in Email Settings Automation - Approvals Automation - Assignment Rules Automation - Multi-path Workflows Automation - Scheduled Workflows Automation - Scheduler Automation - Standard Workflows Automation - Webforms Automation - Workflow Action - Create Event Automation - Workflow Action - Create Records Automation - Workflow Action - Create Task Automation - Workflow Action - Invoke Custom Function Automation - Workflow Action - SMS Task Automation - Workflow Action - Send Mail Automation - Workflow Action - Update Fields Automation - Workflow Action - Webhook Automation - Workflows - Vtiger Expressions Configuration - Business Hours Configuration - Company Details Configuration - Consents Configuration - Customer Portal Configuration - Maps Configuration - Usage Details Configure Encrypted data fields in Vtiger CRM Configure Picklist Dependencies Considerations for Deactivating Vtiger Users Control Fields and Record Displays using Configuration Editor Create Reminders for Records and Inbox Create a field of a Grid type Customize your self-service portal theme using CSS styles Dealing with Currencies and Taxes Enable Desktop Notifications on Chrome Web Browsers Extensions - Extension Store IMAP Configuration - 2-way sync between Vtiger and IMAP providers Inventory - Payments and Subscriptions Inventory - Tax Management Inventory - Terms and Conditions Mailroom Functionality in Different Scenarios Manage Multiple Currencies Marketing & Sales - Forecast and Quota Settings Marketing & Sales - Pipelines and Stages Marketing and Sales - Deal to Project Mapping Marketing and Sales - Lead Conversion Data Mapping Marketing and Sales - Profile Scoring Module Management - Labels Editor Module Management - Module Numbering My Preferences My Preferences - Calendar Settings My Preferences - My Tags My Preferences - Notification Preferences SAML Support in Vtiger CRM Set up Mailroom Settings - Configure Module Settings Settings - Create Dynamic Fields and Layouts Module Management - Creating a Relationship Between Modules Settings - Customize Records and Fields for your Business Settings - How to set email autoresponder to Webform submission? Settings - Left Menu Settings - Manage Global Picklists in Vtiger Settings - Set up your Support Team Settings - Start Up Page Settings - Working with Picklist Values Module Management - Module Builder Support - SLA Policies Troubleshooting Login Issues Unsubscribe your Email User Management - Authentication User Management - Encrypted Field Access Logs User Management - Groups User Management - Login History User Management - Profiles User Management - Roles User Management - Settings Log User Management - Sharing Rules User Management - Users User Management - Vtiger Support Access Vtiger Buzz - Chrome Extension for Notifications Vtiger Implementation wizard Vtiger Language Support Websense - Trackers Websense - Widgets Configuration - Storage Guard Adding a local DNS Entry Adding Additional Hidden Fields to a Webform Configuring Dependent Fields and Blocks for Modules Duplicate Prevention in Modules Module Management - Modules Module Management - Module Layouts & Fields

Login to Vtiger on SSO SAML using ADFS

B
Bindu Rekha Babu
21 Sep, 2020 - Updated 11 months ago

Introduction

Vtiger CRM integrates with Active Directory (AD) to allow administrators to enable single sign-on (SSO) for all CRM users. 
 

You can login to Vtiger CRM directly from the organizational accounts hosted in Active Directory.

Note! This feature is available in Vtiger One ProfessionalVtiger One Enterprise editions.

Requirements to use ADFS to login to Vtiger

  1. An Active Directory instance where all users have an email address attribute.
  2. An SSL certificate with the fingerprint to sign your ADFS login page
  3. An installed certificate for the hosted SSL if you’re using host mapping in Vtiger.
  4. After the successful installation, get the value of ‘SAML 2.0/W-Federation’ URL in the ADFS Endpoints section. The URL includes ‘/adfs/ls/’ if the default settings are chosen.

Establish a connection between Vtiger and ADFS

Connect Vtiger and ADFS

Set up the connection between Vtiger and ADFS defined using Relying Party Trust(RPT)
Follow the below steps

  1. Go to Server Manager > Tools > ADFS Management > Relying Party Trusts folder.
  2. Click on Actions and add Vtiger as a trusted party.
    image not found

  3. In the Select Data Source screen, select ‘Enter Data About the Party Manually’.
    image not found

  4. Enter the ‘Display’ name.
    image not found

  5. Choose the ADFS profile.
    image not found

  6. Set up the certificate settings.

  7. Enable ‘Support for the SAML 2.0 WebSSO protocol’ and replace subdomain with your domain name.
    image not found

Note! no trailing slash at the end of the URL.

  1. Next, add a Relying party trust identifier of your domain.
    image not found

  2. Permit all users to access this relying party.

image not found

Claim Rules

Rule 1: Send LDAP Attributes as Claims rule.

Using Active Directory as your attribute store, do the following:

  • From the LDAP Attribute column, select E-Mail Addresses.
  • From the Outgoing Claim Type, select E-Mail Address.
    image not found

Rule 2: Transform an Incoming Claim.

Select E-mail Address as the Incoming Claim Type.

  • For Outgoing Claim Type, select Name ID.
  • For Outgoing Name ID Format, select Email.
    image not found

Adjusting the trust settings

To adjust the trust settings, select ‘Properties’ in the Actions sidebar while you have the RPT selected.
In the Advanced tab, make sure SHA-256 or SHA-1 is specified as the secure hash algorithm
image not found

You can also set up the Endpoint log out URL.
Next, configure Vtiger by downloading ADFS certificate in Base 64 format and authenticate ADFS certificate in Vtiger.
image not found

image not found

Configuring Vtiger

After setting up ADFS, you need to configure your Vtiger instance to authenticate using SAML. Follow the steps in our documentation for enabling SAML. You’ll use your full ADFS server URL with the SAML endpoint as the SSO URL, and the login endpoint you created as the logout URL.

To get the x.509 Certificate, Follow these steps

  1. Download the Active Directory Federation Services (ADFS) Certificate
  2. Open Active Directory Federation Services (ADFS)
  3. Select Certificates from the left Menu
    image not found

  4. Under “Token Signing” right click on the certificate that needs to be downloaded

  5. Select View Certificate
    image not found

  6. In the Certificate window, click on the details tab and then click on “Copy to file”.
    image not found

  7. In the certificate export wizard, click on next
    image not found

  8. Select the format as “Base-64 encoded binary X.509 (.CER)” and click on next.
    image not found

  9. Enter a filename and then click on next and finish to save the certificate
    image not found
    image not found

Configure SAML in Vtiger.

Follow the steps below to configure SAML in Vtiger.

  1. Hover over  and click on Settings.
  2. Click on Authentication under User Management.
  3. Enable SAML checkbox.
  4. Copy the IDP information and paste them in Vtiger.
  5. Click on the Save button and get the Service Provider Entity ID and ACS URL.
  6. Enter your CRM’s SAML login URL to login via ADFS.

Vtiger SAML application in Azure AD

Installation of Vtiger SAML in Azure AD

Follow these steps to install the Vtiger SAML application in Azure AD

  • Open your Azure AD portal
  • Go to Azure Active Directory
  • Click on Enterprise Applications option under Manage tab
  • Click on the Add New Application button
  • Search for Vtiger in the Enterprise Applications
  • Click on Vtiger CRM (SAML) app and click Add

Now, go to Vtiger SAML app.

  1. Click on Single sign-on option under Manage tab
  2. Select SAML
  3. Next, set up Single Sign-On with SAML
  4. Configure the Basic SAML entity values in AD and Vtiger
  5. Add users

Note: Usernames of Vtiger account and Active Directory account must match for single sign-on service.

Home Privacy Policy Terms of Service Security Center Policy & Legal Center Contact Us
© Copyright 2021 Vtiger. All rights reserved.
Powered by Vtiger
Facebook Twitter Linkedin Youtube