Configuring. SugarCRM. Chapter 121



Similar documents
SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

Connected Data. Connected Data requirements for SSO

Configuring. SuccessFactors. Chapter 67

Configuring SuccessFactors

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Configuring Parature Self-Service Portal

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

SAML single sign-on configuration overview

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

SAP NetWeaver AS Java

Configuring on-premise Sharepoint server SSO

Configuring Salesforce

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Sharepoint server SSO

Configuring. Moodle. Chapter 82

SAML single sign-on configuration overview

Creating a generic user-password application profile

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Centrify Cloud Management Suite

AVG Business SSO Partner Getting Started Guide

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

An Overview of Samsung KNOX Active Directory-based Single Sign-On

McAfee Cloud Identity Manager

Configuring an ios App Store application

Managing users. Account sources. Chapter 1

Google Apps Deployment Guide

Egnyte Single Sign-On (SSO) Installation for Okta

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring user provisioning for Amazon Web Services (Amazon Specific)

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

User-password application scripting guide

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

SAML application scripting guide

Centrify Mobile Authentication Services for Samsung KNOX

Egnyte Single Sign-On (SSO) Installation for OneLogin

Centrify Mobile Authentication Services

IIS, FTP Server and Windows

Using Internet or Windows Explorer to Upload Your Site

Cloud Services MDM. Control Panel Provisioning Guide

Defender Token Deployment System Quick Start Guide

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Managing policies. Chapter 7

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

McAfee Cloud Identity Manager

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Flexible Identity Federation

OneLogin Integration User Guide

Advanced Configuration Steps

Using Devices. Chapter 3

McAfee Cloud Identity Manager

Fax User Guide 07/31/2014 USER GUIDE

McAfee Cloud Single Sign On

User Management Tool 1.5

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Citrix Virtual Classroom. Deliver file sharing and synchronization services using Citrix ShareFile. Self-paced exercise guide

Technical Support Set-up Procedure

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

Single Sign-on Frequently Asked Questions

Integrating Autotask Service Desk Ticketing with the Cisco OnPlus Portal

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

NOTE: New directions for accessing the Parent Portal using Single Sign On

Security Assertion Markup Language (SAML) Site Manager Setup

Identity as a Service Powered by NetIQ IdentityAccess Service Configuration and Administration Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Setting Up Resources in VMware Identity Manager

Secure Messaging Service

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Flexible Identity Federation

Office 365 deployment checklists

Introduction and overview view of Citrix ShareFile provisioning. Preparing your Citrix ShareFile account for provisioning

Office 365 deploym. ployment checklists. Chapter 27

CA Performance Center

FileCruiser. Desktop Agent Guide

VMware Identity Manager Administration

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication

SchoolBooking SSO Integration Guide

Employee Active Directory Self-Service Quick Setup Guide

The Customer page is only displayed in Admin Portal on Managed Service Provider accounts. It is not displayed in customer accounts.

Remedy ITSM Service Request Management Quick Start Guide

State Health Repository Tool (SHRT) Testing Instructions

Using the Content Distribution Manager GUI

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Sophos Mobile Control Startup guide. Product version: 3.5

Copyright Pivotal Software Inc, of 10

Lync Online Deployment Guide. Version 1.0

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

Guide for Generating. Apple Push Notification Service Certificate

SonicWALL SSL VPN 3.5: Virtual Assist

Sophos Mobile Control Startup guide. Product version: 3

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Getting Started with the Aloha Community Template for Salesforce Identity

QUICK INSTALLATION GUIDE ACTIVATE

Center for Faculty Development and Support. Gmail Overview

APNS Certificate generating and installation

Mobile Device Management Version 8. Last updated:

USC Marshall School of Business ShareFile_With_Outlook_Client_v2.docx 6/12/13 1 of 9

Self-Service Password Manager

Transcription:

Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML SSO (for SSO access through the user portal or Centrify mobile applications) and SPinitiated SAML SSO (for SSO access directly through the SugarCRM web application). You can configure SugarCRM for either or both types of SSO. Enabling both methods ensures that users can log in to SugarCRM in different situations such as clicking through a notification email. SP-initiated SSO for SugarCRM is automatically enabled when the SAML feature is activated. Note 1 Prepare SugarCRM for single sign-on (see "SugarCRM requirements for SSO" on page 121-2). 2 In the Centrify Cloud Manager, add the application and configure application settings. Once the application settings are configured, complete the user account mapping and assign the application to one or more roles. For details, see "Configuring SugarCRM in Cloud Manager" on page 121-3. 3 Configure the SugarCRM application for single sign-on. You will need to copy some settings from Application Settings in Centrify Cloud Manager and paste them into fields on the SugarCRM website. For details, "Configuring SugarCRM on its web site" on page 121-6 After you have finished configuring the application settings in the Cloud Manager and the SugarCRM application, users are ready to launch the application from the Centrify user portal. 1

Preparing for Configuration Preparing for Configuration SugarCRM requirements for SSO Before you configure the SugarCRM web application for SSO, you need the following: An active SugarCRM account with administrator rights for your organization. A signed certificate. You can either download one from Cloud Manager or use your organization s trusted certificate. Contact SugarCRM to request that they add cloud.centrify.com to the domain in config_override.php. Setting up the certificates for SSO To establish a trusted connection between the web application and the cloud service, you need to have the same signing certificate in both the application and the application settings in Cloud Manager. If you use your own certificate, you upload the signing certificate and its private key in a.pfx or.p12 file to the application settings in Cloud Manager. You also upload the public key certificate in a.cer or.pem file to the web application. To download an application certificate from Cloud Manager (overview): 1 In the Apps page, add the application. 2 Click the application to open the application details. 3 In the Application Settings tab, click Download Signing Certificate to download and save the certificate. What you need to know about SugarCRM Each SAML application is different. The following table lists features and functionality specific to SugarCRM. Capability Web browser client Supported? Support details Mobile client ios and Android. SAML 2.0 SP-initiated SSO Chapter 121 Configuring SugarCRM 2

Configuring SugarCRM in Cloud Manager Capability IdP-initiated SSO Force user login via SSO only Separate administrator login after SSO is enabled Only administrators can log in. User or Administrator lockout risk After SAML settings are enabled and saved, there is no back door to login to SugarCRM by username-password. Automatic user provisioning Multiple User Types Admin user No End users Self-service password Users can reset their own passwords. Resetting another user s password requires administrator rights. Access restriction using a corporate IP range Supported? Support details You can specify an IP Range in the Cloud Manager Policy page to restrict access to the application. Configuring SugarCRM in Cloud Manager To add and configure the SugarCRM application in Cloud Manager: 1 In Cloud Manager, click Apps. 2 Click Add Web Apps. The Add Web Apps screen appears. 3 On the Search tab, enter the partial or full application name in the Search field and click the search icon. 4 Next to the application, click Add. 5 In the Add Web App screen, click to confirm. Cloud Manager adds the application. 6 Click Close to exit the Application Catalog. The application that you just added opens to the Application Settings page. 7 Configure the following: Field Your SugarCRM sub-domain Set it to Your company name, domain, or ID What you do Enter the part of the URL specific to your SugarCRM account. If your SugarCRM URL is https://acme.sugarondemand.com/ enter acme Cloud Manager user s guide 3

Configuring SugarCRM in Cloud Manager 8 Copy the Login URL and save it so that you can access it when "Configuring SugarCRM on its web site" on page 121-6. 9 Click Download Signing Certificate. Save this file so that you can access it when "Configuring SugarCRM on its web site" on page 121-6. 10 On the Application Settings page, expand the Additional Options section and specify the following settings: Option Application ID Show in User app list Security Certificate Description Configure this field if you are deploying a mobile application that uses the Centrify mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following: The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field. There can only be one SAML application deployed with the name used by the mobile application. The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters. Select Show in User app list to display this web application in the user portal. (This option is selected by default.) If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won t display for users in the user portal. These settings specify the security certificate used for secure SSO authentication between the cloud service and the web application. Select an option to change the security certificate. Use existing certificate displays beneath it the certificate currently in use. The Download button below the certificate name downloads the current certificate through your web browser to your computer so you can supply the certificate to the web application during SSO configuration. It s not necessary to select this option it s present to display current status. Use the default tenant signing certificate selects the cloud service standard certificate for use. This is the default setting. Use a certificate with a private key (pfx file) from your local storage selects any certificate you want to supply, typically your organization s own certificate. To use this selection, you must click Browse to upload an archive file (.p12 or.pfx extension) that contains the certificate along with its private key. If the file has a password, you must enter it when prompted. Chapter 121 Configuring SugarCRM 4

Configuring SugarCRM in Cloud Manager 11 (Optional) On the Description page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified. The Category field specifies the default grouping for the application in the user portal. Users have the option to create a tag that overrides the default grouping in the user portal. 12 On the User Access page, select the role(s) that represent the users and groups that have access to the application. When assigning an application to a role, select either Automatic Install or Optional Install: Select Automatic Install for applications that you want to appear automatically for users. If you select Optional Install, the application doesn t automatically appear in the user portal and users have the option to add the application. 13 (Optional) On the Policy page, specify additional authentication control for this application.you can select one or both of the following settings: Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses are considered as your intranet by specifying the Corporate IP range in Settings > Corporate IP Range. Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication. You can also include JavaScript code to identify specific circumstances when you want to block an application or you want to require additional authentication methods. For details, see Specifying application access policies with JavaScript. 14 On the Account Mapping page, configure how the login information is mapped to the application s user accounts. The options are as follows: Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userprincipalname or a similar field from the Centrify user service. Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account. Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script: Cloud Manager user s guide 5

Configuring SugarCRM on its web site LoginUser.Username = LoginUser.Get('mail')+'.ad'; The above script instructs the cloud service to set the login user name to the user s mail attribute value in Active Directory and add.ad to the end. So, if the user s mail attribute value is Adele.Darwin@acme.com then the cloud service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see the SAML application scripting guide. 15 (Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases, you don t need to edit this script. For more information, see the SAML application scripting guide. On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and the type of change that was made. Note 16 Click Workflow to set up a request and approval work flow for this application. The Workflow feature is a premium feature and is available only in the Centrify Identity Service App+ Edition. See Configuring Workflow for more information. 17 Click Save. After configuring the application settings (including the role assignment) and the application s web site, you re ready for users to launch the application from the user portal. Configuring SugarCRM on its web site To configure the SugarCRM application on its web site: 1 In your web browser, go to the following URL and sign in: https://<your_subdomain>.sugarondemand.com 2 Click the arrow next to the avatar at the top of the page and select Admin. 3 Click Password Management. 4 Select the Enable SAML Authentication check box. 5 Enter the Login URL you saved in "Configuring SugarCRM in Cloud Manager" on page 121-3. 6 (Optional) Enter a logout URL in the SLO URL field. 7 Open the certificate file you downloaded in "Configuring SugarCRM in Cloud Manager" on page 121-3. 8 Copy the contents of the certificate file and paste it in the X509 Certificate field. 9 Click Save. Chapter 121 Configuring SugarCRM 6

For more information about SugarCRM For more information about SugarCRM Contact SugarCRM for more information about configuring SugarCRM for SSO. Cloud Manager user s guide 7

For more information about SugarCRM Chapter 121 Configuring SugarCRM 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information