Submit a request Sign In
  • Logout
    Home  >   Articles   >  Login to Vtiger on SSO SAML using ADFS
    Articles in this section
    Authenticate Emails with SPF, DKIM, and SenderID Auto forward your emails to Vtiger Automate Outgoing Emails in Email Settings Managing User Profiles Automation - Approvals Setting up User Roles Automation - Assignment Rules Set up Multi-path Workflows Creating a Scheduled Workflow Automation - Scheduler Creating a Workflow Webforms in Vtiger CRM Set up a Workflow Action to Create Event Set up a Workflow Action to Create Records Set up a Workflow Action to Create Task Set up a Workflow Action to Invoke Custom Function Set up a Workflow Action to Create an SMS Task Set up a Workflow Action to Send Mails Set up a Workflow Action to Update Fields Automation - Workflow Action - Webhook Automation - Workflows - Vtiger Expressions Configuration - Business Hours Configuration - Company Details Configuration - Consents Configuration - Customer Portal Maps in Vtiger CRM Configuration - Usage Details Configuring Encrypted Data Fields in Vtiger CRM Configure Picklist Dependencies Considerations for Deactivating Vtiger Users Control Fields and Record Displays using Configuration Editor Create Reminders for Records and Inbox Create a field of a Grid type Dealing with Currencies and Taxes Enable Desktop Notifications on Chrome Web Browsers Vtiger CRM Add-ons IMAP Configuration - 2-way sync between Vtiger and IMAP providers Setting up Autopay & Payment Gateways Inventory - Tax Management Inventory - Terms and Conditions Mailroom Functionality for Different Scenarios Manage Multiple Currencies Marketing and Sales - Deal to Project Mapping Marketing and Sales - Lead Conversion Data Mapping Marketing and Sales - Profile Scoring Module Management - Labels Editor Module Management - Module Numbering My Preferences My Preferences - Calendar Settings Tags in Vtiger My Preferences - Notification Preferences SAML Support in Vtiger CRM Vtiger Mailroom Settings - Configure Module Settings Settings - Create Dynamic Fields and Layouts Module Management - Creating a Relationship Between Modules Settings - Customize Records and Fields for your Business Settings - How to set email autoresponder to Webform submission? Settings - Left Menu Settings - Manage Global Picklists in Vtiger Settings - Set up your Support Team Settings - Start Up Page Settings - Working with Picklist Values Module Management - Module Builder Support - SLA Policies Troubleshooting Login Issues Add-Edit Unsubscribe Links in your Email Template User Management - Authentication User Management - Encrypted Field Access Logs User Management - Groups User Management - Login History User Management - Profiles User Management - Roles User Management - Settings Log User Management - Sharing Rules User Management - Users User Management - Vtiger Support Access Vtiger Buzz - Chrome Extension for Notifications Vtiger Implementation wizard Vtiger Language Support Configuring Websense Trackers Websense - Widgets Adding Hidden Fields to a Webform Auto forward Emails from Microsoft Office 365 Adding Custom Module Configuration - Storage Guard Customizing your Self-Service Portal Theme Using CSS Styles Login Page Customization Creating App-specific Password for Gmail Outgoing Server Module Management - Module Layouts & Fields Settings - Personalize Module Layouts Module Management - Modules Automation - SMS Reply Actions Duplicate Prevention in Modules Configuring Dependent Fields and Blocks for Modules Formula Fields Creating Custom Filters Adding a local DNS Entry

    Login to Vtiger on SSO SAML using ADFS

    B
    Bindu Rekha Babu
    21 Sep, 2020 - Updated 4 years ago
    Table of Contents

    Introduction

    Vtiger CRM integrates with Active Directory (AD) to allow administrators to enable single sign-on (SSO) for all CRM users. 
     

    You can login to Vtiger CRM directly from the organizational accounts hosted in Active Directory.

    Note! This feature is available in Vtiger One ProfessionalVtiger One Enterprise editions.

    Requirements to use ADFS to login to Vtiger

    1. An Active Directory instance where all users have an email address attribute.
    2. An SSL certificate with the fingerprint to sign your ADFS login page
    3. An installed certificate for the hosted SSL if you’re using host mapping in Vtiger.
    4. After the successful installation, get the value of ‘SAML 2.0/W-Federation’ URL in the ADFS Endpoints section. The URL includes ‘/adfs/ls/’ if the default settings are chosen.

    Establish a connection between Vtiger and ADFS

    Connect Vtiger and ADFS

    Set up the connection between Vtiger and ADFS defined using Relying Party Trust(RPT)
    Follow the below steps

    1. Go to Server Manager > Tools > ADFS Management > Relying Party Trusts folder.

    2. Click on Actions and add Vtiger as a trusted party.
      image not found

    3. In the Select Data Source screen, select ‘Enter Data About the Party Manually’.
      image not found

    4. Enter the ‘Display’ name.
      image not found

    5. Choose the ADFS profile.
      image not found

    6. Set up the certificate settings.

    7. Enable ‘Support for the SAML 2.0 WebSSO protocol’ and replace subdomain with your domain name.
      image not found

    Note! no trailing slash at the end of the URL.

    1. Next, add a Relying party trust identifier of your domain.
      image not found

    2. Permit all users to access this relying party.

    image not found

    Claim Rules

    Rule 1: Send LDAP Attributes as Claims rule.

    Using Active Directory as your attribute store, do the following:

    • From the LDAP Attribute column, select E-Mail Addresses.
    • From the Outgoing Claim Type, select E-Mail Address.
      image not found

    Rule 2: Transform an Incoming Claim.

    Select E-mail Address as the Incoming Claim Type.

    • For Outgoing Claim Type, select Name ID.
    • For Outgoing Name ID Format, select Email.
      image not found

    Adjusting the trust settings

    To adjust the trust settings, select ‘Properties’ in the Actions sidebar while you have the RPT selected.
    In the Advanced tab, make sure SHA-256 or SHA-1 is specified as the secure hash algorithm
    image not found

    You can also set up the Endpoint log out URL.
    Next, configure Vtiger by downloading ADFS certificate in Base 64 format and authenticate ADFS certificate in Vtiger.
    image not found

    image not found

    Configuring Vtiger

    After setting up ADFS, you need to configure your Vtiger instance to authenticate using SAML. Follow the steps in our documentation for enabling SAML. You’ll use your full ADFS server URL with the SAML endpoint as the SSO URL, and the login endpoint you created as the logout URL.

    To get the x.509 Certificate, Follow these steps

    1. Download the Active Directory Federation Services (ADFS) Certificate
    2. Open Active Directory Federation Services (ADFS)

    3. Select Certificates from the left Menu
      image not found

    4. Under “Token Signing” right click on the certificate that needs to be downloaded

    5. Select View Certificate
      image not found

    6. In the Certificate window, click on the details tab and then click on “Copy to file”.
      image not found

    7. In the certificate export wizard, click on next
      image not found

    8. Select the format as “Base-64 encoded binary X.509 (.CER)” and click on next.
      image not found

    9. Enter a filename and then click on next and finish to save the certificate
      image not found
      image not found

    Configure SAML in Vtiger.

    Follow the steps below to configure SAML in Vtiger.

    1. Hover over  and click on Settings.
    2. Click on Authentication under User Management.
    3. Enable SAML checkbox.
    4. Copy the IDP information and paste them in Vtiger.
    5. Click on the Save button and get the Service Provider Entity ID and ACS URL.
    6. Enter your CRM’s SAML login URL to login via ADFS.

    Vtiger SAML application in Azure AD

    Installation of Vtiger SAML in Azure AD

    Follow these steps to install the Vtiger SAML application in Azure AD

    • Open your Azure AD portal
    • Go to Azure Active Directory
    • Click on Enterprise Applications option under Manage tab
    • Click on the Add New Application button
    • Search for Vtiger in the Enterprise Applications
    • Click on Vtiger CRM (SAML) app and click Add

    Now, go to Vtiger SAML app.

    1. Click on Single sign-on option under Manage tab
    2. Select SAML
    3. Next, set up Single Sign-On with SAML
    4. Configure the Basic SAML entity values in AD and Vtiger
    5. Add users

    Note: Usernames of Vtiger account and Active Directory account must match for single sign-on service.

    Was this article helpful?
    0  out of  0  found this helpful.
    Comments 0
    Be the first to comment
    Home
    Privacy Policy
    Terms of Service
    Security Center
    Policy & Legal Center
    Contact Us
    © Copyright 2023 Vtiger. All rights reserved.
    Powered by Vtiger