Azure Active Directory SSO/SAML Configuration

Help Center

April 06, 2023 16:40
Updated

This article explains how to configure Microsoft's Azure Active Directory Single-Sign-On (SSO) with the Foxit Admin Console so that users activate our solutions (Foxit PDF Editor, Foxit Sign... etc) using your organizations SSO.

These instructions may vary depending on your environment. If you have specific settings, you may need to check those with your IdP admins as Foxit only supports SSO as it is written in this article.

Prerequisites:

You must have a verified domain in Foxit Admin Console > Settings > Directory Setting.

Create an app
Setup SAML App
Copy Information into Admin Console
Help
FAQ

1. Create an app

Under Azure Services, select Azure Active Directory

Select Enterprise applications

Select All applications → click New application

Click on Create your own application → Fill in the name of your app → check Non-gallery

2. Setup SAML App

Under <your APP | Overview> → Select Single sign-on → select SAML

Click on the pencil to Edit Basic SAML Configuration

Navigate back to the Admin Console and navigate to Settings> Directory Settings> Directories tab> Add directory. Name the directory you wish to create

Select "Create and Continue"

Get SP Entity ID and SP Assertion Consumer Service URL from Admin Console.

Put them in Identifier and Reply URL of Basic SAML Configuration, respectively

If you want to redirect to Admin Console from the Microsoft Azure, enter the domain name of Admin Console in the Relay State column under Basic SAML Configuration：

Click Save

Click on the pencil to Edit User Attributes & Claims

Click Add new claim

Input email to Name, and user.userprincipalname to Source attribute.

Note: the first letter of ‘email’ is lowercase.

If you are using email aliases in your Azure environment, please set source attribute to user.primaryauthoritativeemail

Note that the Editor uses the email account to log in, so please confirm that the user principal name is the email account.

Add New Claim again. Input firstname to Name, user.givenname to Source attribute.

Add new claim again. Input lastname to Name, user.surname to Source attribute.

The final configuration is as follows.

3. Copy information into Foxit Admin Console

Download the (Base64) Certificate under SAML Signing Certificate. (We will use it later)

Copy the Login URL and Azure ID Identifier.

In the Foxit Admin Console enter:

The Azure Login URL under Identity provider SSO URL,
Paste the Azure ID Identifier under Identity provider Entity ID
and the contents of the (Base64) certificate under Public x509 certificate.

Click here if you don't know how to copy the contents of your certificate.

You're all done! Then you could select below one of ways to proceed.

If you would like to sync groups of users from Azure then manually assigning license, please refer to Microsoft Azure Active Directory (SAML SSO 2.0) user sync configuration – Help Center | Foxit Software
If you prefer automatically sync and assign Licenses based on specific AD Groups, perform these steps: Azure Active Directory (AAD) Automatic License Provisioning

4. Help

With help for any of these steps, please contact Microsoft or a more experienced Azure Admin within your organization.

5. FAQ

Troubleshoot "This sts.windows.net page can't be found" error

Troubleshoot "AADSTS50105" error

Troubleshoot "Invalid Account" error

Comments

0 comments

Please sign in to leave a comment.