To enable Azure AD(AAD) to be able to SSO to Apex Central, the following tasks have to be done:

1. Integrate AAD with on-premise AD by using "Azure AD Connect". For reference, visit this Microsoft article: Custom installation of Azure AD Connect.
2. In Azure AD panel, go to Enterprise applications.

   

3. Create a new application for the Apex Central instance:
   1. Click New Application.

      

   2. Select Non-gallery application, and set a display name for this Apex Central application.

      

4. Configure Single sign-on of Apex Central application:
   1. Go to Single sign-on page.

      

   2. Select SAML-based Sign-on as Sign on mode.

      

   3. Edit Basic SAML Configuration and configure SAML Settings:
      • https://<host-to-your-ApexCentral>/
      • https://<host-to-your-ApexCentral>/WebApp/login.aspx

      

   4. Edit User Attributes & Claims to add custom attributes with following settings:
      1. Click Add new claim.

         

      2. Configure the custom claim settings:
         • Name: windowsaccountname_TM
         • Namespace: http://schemas.microsoft.com/ws/2008/06/identity/claims

         

      3. Change Source type to Transformation and configure the following parameters:
         • Transformation: Join()
         • Parameter 1: user.netbiosname
         • Separator: \
         • Parameter 2: user.onpremisessamaccountname

         

   5. Confirm the settings.

      

   6. Assign users who can log in to the Apex Central application.
      1. Go to User and group in application dashboard, click Add user.

         

      2. Click User and groups and select a user or group.

         

      3. After clicking Assign, selected items will appear in dashboard.

         

1. Integrate AD with Apex One as a Service.
   For detailed instructions, visit the Integrate Active Directory (AD) with Apex One as a Service support page and go to step 2 of Synchronize AD information and authenticate AD accounts.
2. In Apex Central, go to Administration > Account Management > User Accounts.
3. Click Add.

   

4. Select Active Directory user or group, specify the User/Group name, and click Next.

   

   The Add New User screen appears.

5. Select the desired role, configure folder options and access rights, and then click Save.

   

6. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
7. Configure ADFS for Apex Central.
   • Tick Enable Active Directory synchronization and Enable Active Directory authentication.

     

   • Specify the SSO service URL and Service identifier, and select the Signing certificate.

     Field name on Apex Central Setting page	Azure AD SSO Attribute Name
     SSO service URL	Login URL
     Server identifier	Azure AD Identifier
     Server certificate	certificate downloaded from AAD enterprise application

     

Identity (IdP) initiated SSO

1. Go to https://account.activedirectory.windowsazure.com/.
2. Click the application to initiate a single sign on to Apex Central.

   

SP initiated SSO

1. Enter an AD user in Apex Central login console, browser will redirect page to Azure.

   

   

2. After authentication, the page will be redirected back to Apex Central.