
To enable single sign-on (SSO) from Microsoft Entra ID to Apex Central, complete the following tasks:

  1. Integrate Microsoft Entra ID with on-premises AD by using "Microsoft Entra ID Connect". For reference, see the Microsoft article Custom installation of Microsoft Entra ID Connect.
  2. In the Microsoft Entra ID panel, go to Enterprise applications.

    Enterprise Application

  3. Create a new application for the Apex Central instance:
    1. Click New Application.

      New Application

    2. Select Non-gallery application, and set a display name for this Apex Central application.

      Non-gallery app

  4. Configure Single sign-on for the Apex Central application:
    1. Go to the Single sign-on page.

      SSO page

    2. Select SAML-based Sign-on as the Sign on mode.

      SAML-based Sign-on

    3. Edit Basic SAML Configuration and configure SAML Settings:
      • https://<host-to-your-ApexCentral>/
      • https://<host-to-your-ApexCentral>/WebApp/login.aspx

      Basic SAML Config

    4. Edit User Attributes & Claims to add custom attributes with the following settings:
      1. Click Add new claim.

        Add new claim

      2. Configure the custom claim settings:
        • Name: windowsaccountname_TM
        • Namespace: http://schemas.microsoft.com/ws/2008/06/identity/claims

        Manage claim

      3. Change Source type to Transformation and configure the following parameters:
        • Transformation: Join()
        • Parameter 1: user.netbiosname
        • Separator: \
        • Parameter 2: user.onpremisessamaccountname

        Manage Transformation

    5. Confirm the settings.

      Confirm Settings

    6. Assign users who can log in to the Apex Central application.
      1. Go to User and group in the application dashboard and click Add user.

        Add User

      2. Click User and groups and select a user or group.

        Select User or Group

      3. After you click Assign, the selected items appear in the dashboard.

        User and groups list

  1. Integrate AD with Apex One as a Service.
    For detailed instructions, visit the Integrate Active Directory (AD) with Apex One as a Service support page and go to step 2 of Synchronize AD information and authenticate AD accounts.
  2. In Apex Central, go to Administration > Account Management > User Accounts.
  3. Click Add.

    Add user

  4. Select Active Directory user or group, specify the User/Group name, and click Next.

    Choose AD User

    The Add New User screen appears.

  5. Select the desired role, configure folder options and access rights, and then click Save.

    Select Role

  6. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
  7. Configure ADFS for Apex Central.
    • Tick Enable Active Directory synchronization and Enable Active Directory authentication.

      AD and Compliance Settings

    • Specify the SSO service URL and Service identifier, and select the Signing certificate.
      Field name on Apex Central Setting page | Microsoft Entra ID SSO Attribute Name
      SSO service URL | Login URL
      Server identifier | Microsoft Entra ID Identifier
      Server certificate | Certificate downloaded from Microsoft Entra ID enterprise application

      SAML Sign Certificate

 
  • An expired SAML Signing Certificate can prevent successful authentication. Refer to this article for how to create or renew the SAML Signing Certificate.
 

Identity Provider (IdP) initiated SSO

  1. Go to https://account.activedirectory.windowsazure.com/.
  2. Click the application to initiate a single sign on to Apex Central.

    Click Apex Central

SP initiated SSO

  1. Enter an AD user in the Apex Central login console. The browser redirects the page to Azure.

    Enter Credentials

    Azure Login

  2. After authentication, the page will be redirected back to Apex Central.

    Apex Central console
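
To confirm that the windowsaccountname_TM claim built by the Join() transformation arrives in DOMAIN\account form, the following added example (not part of the original article or of Trend Micro's tooling) checks a decoded SAML assertion saved from your own test sign-in. It assumes the attribute Name is the configured Namespace and Name joined with "/", uses constructed sample assertions, and does not verify the assertion signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the attribute Name is "<Namespace>/<Name>" from the claim settings.
CLAIM = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/"
         "windowsaccountname_TM")
# NetBIOS domain (1-15 chars), one backslash, then a non-empty account name.
DOMAIN_USER = re.compile(r"[^\\\s]{1,15}\\[^\\]+")


def check_claim(assertion_xml):
    """Return a list of problems with the windowsaccountname_TM claim."""
    root = ET.fromstring(assertion_xml)
    values = [v.text or ""
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == CLAIM
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not values:
        return ["claim missing: " + CLAIM]
    if len(values) > 1:
        return ["claim has %d values, expected 1" % len(values)]
    value = values[0]
    if value != value.strip() or not DOMAIN_USER.fullmatch(value):
        # Covers an empty domain or account half and UPN-style values.
        return ["value %r is not in NETBIOS\\sAMAccountName form" % value]
    return []


def sample(value=None):
    """Constructed assertion for illustration; not from a real tenant."""
    attr = "" if value is None else (
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s'
        '</saml:AttributeValue></saml:Attribute>' % (CLAIM, value))
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>' % (NS["saml"], attr))


if __name__ == "__main__":
    for v in ("CORP\\jdoe", "\\jdoe", "CORP\\", "jdoe@corp.example", None):
        print(repr(v), "->", check_claim(sample(v)) or "ok")
```

A value with an empty domain or account half usually means the source attribute (user.netbiosname or user.onpremisessamaccountname) is not populated for that user.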