Articles in this section
Login to Vtiger on SSO SAML using ADFS
Table of Contents
Vtiger CRM integrates with Active Directory (AD) to allow administrators to enable single sign-on (SSO) for all CRM users.
You can login to Vtiger CRM directly from the organizational accounts hosted in Active Directory.
Note! This feature is available in Vtiger One Professional, Vtiger One Enterprise editions.
Requirements to use ADFS to login to Vtiger
- An Active Directory instance where all users have an email address attribute.
- An SSL certificate with the fingerprint to sign your ADFS login page
- An installed certificate for the hosted SSL if you’re using host mapping in Vtiger.
- After the successful installation, get the value of ‘SAML 2.0/W-Federation’ URL in the ADFS Endpoints section. The URL includes ‘/adfs/ls/’ if the default settings are chosen.
Establish a connection between Vtiger and ADFS
Connect Vtiger and ADFS
Set up the connection between Vtiger and ADFS defined using Relying Party Trust(RPT)
Follow the below steps
- Go to Server Manager > Tools > ADFS Management > Relying Party Trusts folder.
Click on Actions and add Vtiger as a trusted party.
In the Select Data Source screen, select ‘Enter Data About the Party Manually’.
Enter the ‘Display’ name.
Choose the ADFS profile.
Set up the certificate settings.
- Enable ‘Support for the SAML 2.0 WebSSO protocol’ and replace subdomain with your domain name.
Note! no trailing slash at the end of the URL.
Next, add a Relying party trust identifier of your domain.
Permit all users to access this relying party.
Rule 1: Send LDAP Attributes as Claims rule.
Using Active Directory as your attribute store, do the following:
- From the LDAP Attribute column, select E-Mail Addresses.
- From the Outgoing Claim Type, select E-Mail Address.
Rule 2: Transform an Incoming Claim.
Select E-mail Address as the Incoming Claim Type.
- For Outgoing Claim Type, select Name ID.
- For Outgoing Name ID Format, select Email.
Adjusting the trust settings
To adjust the trust settings, select ‘Properties’ in the Actions sidebar while you have the RPT selected.
In the Advanced tab, make sure SHA-256 or SHA-1 is specified as the secure hash algorithm
You can also set up the Endpoint log out URL.
Next, configure Vtiger by downloading ADFS certificate in Base 64 format and authenticate ADFS certificate in Vtiger.
After setting up ADFS, you need to configure your Vtiger instance to authenticate using SAML. Follow the steps in our documentation for enabling SAML. You’ll use your full ADFS server URL with the SAML endpoint as the SSO URL, and the login endpoint you created as the logout URL.
To get the x.509 Certificate, Follow these steps
- Download the Active Directory Federation Services (ADFS) Certificate
- Open Active Directory Federation Services (ADFS)
Select Certificates from the left Menu
Under “Token Signing” right click on the certificate that needs to be downloaded
Select View Certificate
In the Certificate window, click on the details tab and then click on “Copy to file”.
In the certificate export wizard, click on next
Select the format as “Base-64 encoded binary X.509 (.CER)” and click on next.
Enter a filename and then click on next and finish to save the certificate
Configure SAML in Vtiger.
Follow the steps below to configure SAML in Vtiger.
- Hover over and click on Settings.
- Click on Authentication under User Management.
- Enable SAML checkbox.
- Copy the IDP information and paste them in Vtiger.
- Click on the Save button and get the Service Provider Entity ID and ACS URL.
- Enter your CRM’s SAML login URL to login via ADFS.
Vtiger SAML application in Azure AD
Installation of Vtiger SAML in Azure AD
Follow these steps to install the Vtiger SAML application in Azure AD
- Open your Azure AD portal
- Go to Azure Active Directory
- Click on Enterprise Applications option under Manage tab
- Click on the Add New Application button
- Search for Vtiger in the Enterprise Applications
- Click on Vtiger CRM (SAML) app and click Add
Now, go to Vtiger SAML app.
- Click on Single sign-on option under Manage tab
- Select SAML
- Next, set up Single Sign-On with SAML
- Configure the Basic SAML entity values in AD and Vtiger
- Add users
Note: Usernames of Vtiger account and Active Directory account must match for single sign-on service.