This article explains how to configure Microsoft's Azure Active Directory Single-Sign-On (SSO) with the Foxit Admin Console so that users activate our solutions (Foxit PDF Editor, Foxit Sign... etc) using your organizations SSO.
These instructions may vary depending on your environment. If you have specific settings, you may need to check those with your IdP admins as Foxit only supports SSO as it is written in this article.
You must have a verified domain in Foxit Admin Console > Settings > Directory Setting.
1. Create an app
Under Azure Services, select Azure Active Directory
Select Enterprise applications
Select All applications → click New application
Click on Create your own application → Fill in the name of your app → check Non-gallery
2. Setup SAML App
Under <your APP | Overview> → Select Single sign-on → select SAML
Click on the pencil to Edit Basic SAML Configuration
Get SP Entity ID and SP Assertion Consumer Service URL from Admin Console
Put them in Identifier and Reply URL of Basic SAML Configuration, respectively
If you want to redirect to Admin Console from the Microsoft Azure, enter the domain name of Admin Console in the Relay State column under Basic SAML Configuration：
Click on the pencil to Edit User Attributes & Claims
Click Add new claim
Input email to Name, and user.userprincipalname to Source attribute.
Note: the first letter of ‘email’ is lowercase.
If you are using email aliases in your Azure environment, please set source attribute to user.primaryauthoritativeemail
Note that the Editor uses the email account to log in, so please confirm that the user principal name is the email account.
Add New Claim again. Input firstname to Name, user.givenname to Source attribute.
Add new claim again. Input lastname to Name, user.surname to Source attribute.
The final configuration is as follows.
3. Copy information into Foxit Admin Console
Download the (Base64) Certificate under SAML Signing Certificate. (We will use it later)
Copy the Login URL and Azure ID Identifier.
In the Foxit Admin Console enter:
- The Azure Login URL under Identity provider SSO URL,
- Paste the Azure ID Identifier under Identity provider Entity ID
- and the contents of the (Base64) certificate under Public x509 certificate.
Click here if you don't know how to copy the contents of your certificate.