Vtiger CRM integrates with Active Directory (AD) to allow administrators to enable single sign-on (SSO) for all CRM users.
You can log in to Vtiger CRM directly with the organizational accounts hosted in Active Directory.
Note! This feature is available in the Vtiger One Professional and Vtiger One Enterprise editions.
The connection between Vtiger and ADFS is defined using a Relying Party Trust (RPT).
Follow the steps below:
Click on Actions and add Vtiger as a trusted party.
In the Select Data Source screen, select ‘Enter Data About the Party Manually’.
Enter the ‘Display’ name.
Choose the ADFS profile.
Set up the certificate settings.
Note! There must be no trailing slash at the end of the URL.
Next, add a relying party trust identifier for your domain.
Permit all users to access this relying party.
Rule 1: Send LDAP Attributes as Claims rule.
Using Active Directory as your attribute store, do the following:
Rule 2: Transform an Incoming Claim.
Select E-mail Address as the Incoming Claim Type.
To adjust the trust settings, select ‘Properties’ in the Actions sidebar while you have the RPT selected.
In the Advanced tab, make sure SHA-256 or SHA-1 is specified as the secure hash algorithm. Prefer SHA-256 where possible, since SHA-1 is deprecated for digital signatures.
You can also set up the Endpoint log out URL.
Next, configure Vtiger by downloading the ADFS certificate in Base-64 format and authenticating the ADFS certificate in Vtiger.
After setting up ADFS, you need to configure your Vtiger instance to authenticate using SAML. Follow the steps in our documentation for enabling SAML. You’ll use your full ADFS server URL with the SAML endpoint as the SSO URL, and the login endpoint you created as the logout URL.
To get the X.509 certificate, follow these steps:
Select Certificates from the left menu.
Under “Token Signing”, right-click the certificate that needs to be downloaded.
Select View Certificate.
In the Certificate window, click the Details tab and then click “Copy to file”.
In the certificate export wizard, click Next.
Select the format “Base-64 encoded binary X.509 (.CER)” and click Next.
Enter a filename, then click Next and Finish to save the certificate.
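The same export can be scripted on the ADFS server. The following is an added example, not part of the Vtiger documentation: it exports the primary token-signing certificate in Base-64 X.509 form, refuses an expired certificate, and prints fingerprints you can record. The output path in $OutFile is an assumption.

```powershell
# Added example: export the primary ADFS token-signing certificate as Base-64 X.509 (.CER).
# Run in an elevated PowerShell session on the ADFS server.
# $OutFile is an assumed path; change it to suit your environment.
$OutFile = Join-Path $env:TEMP 'adfs-token-signing.cer'

Import-Module ADFS

# Pick the primary token-signing certificate (the one ADFS currently signs with).
$entry = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    Select-Object -First 1
if (-not $entry) { throw 'No primary token-signing certificate found.' }
$cert = $entry.Certificate

# Refuse to export a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is outside its validity period."
}

# Base-64 encode the public certificate only; the private key is never touched.
$b64 = [Convert]::ToBase64String($cert.RawData,
    [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----`r`n"
[System.IO.File]::WriteAllText($OutFile, $pem, [System.Text.Encoding]::ASCII)

# Re-read the file and confirm it decodes to the same certificate.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($OutFile)
if ($check.Thumbprint -ne $cert.Thumbprint) {
    throw 'Exported file does not match the ADFS certificate.'
}

# SHA-256 fingerprint of the DER bytes, for your change record.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fp = ($sha256.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ':'
$sha256.Dispose()

[pscustomobject]@{
    File             = $OutFile
    Subject          = $cert.Subject
    NotAfter         = $cert.NotAfter
    Sha1Thumbprint   = $cert.Thumbprint
    Sha256Fingerprint = $fp
}
```

ADFS can roll the token-signing certificate over automatically, so repeat the export and update the certificate in Vtiger whenever the primary certificate changes.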
Follow the steps below to configure SAML in Vtiger.
Follow these steps to install the Vtiger SAML application in Azure AD.
Now, go to the Vtiger SAML app.
Note: The usernames of the Vtiger account and the Active Directory account must match for the single sign-on service to work.