This article explains how to configure Microsoft's Azure Active Directory Single Sign-On (SSO) with the Foxit Admin Console (AC) so that users activate our solutions (Foxit PDF Editor, Foxit Sign, etc.) using your organization's SSO.
These instructions may vary depending on your environment. If you have specific settings, you may need to check those with your IdP admins, as Foxit only supports SSO configured as described in this article.
Prerequisites:
You must have a verified domain in Foxit Admin Console > Settings > Directory Setting.
1. Create an app
Under Azure Services, select Azure Active Directory
Select Enterprise applications
Select All applications → click New application
Click on Create your own application → Fill in the name of your app → check Non-gallery
2. Setup SAML App
Under <your APP | Overview> → Select Single sign-on → select SAML
Click on the pencil to Edit Basic SAML Configuration
In the Admin Console, navigate to Settings > Directory Settings > Directories tab > Add directory. Name the directory you wish to create.
Select Create and Continue
Choose Azure as the Connector.
Select Email or User principal name (UPN) as the Source attribute.
Specifically,
If you select Email, the email attribute (see the screenshot below) in Azure will be the account ID in Foxit AC. If no email is set, the UPN is used instead.
If you select User principal name, the user principal name in Azure will be the account ID in Foxit AC.
Get the SP Entity ID and SP Assertion Consumer Service URL from the Admin Console.
Put them in Identifier and Reply URL of Basic SAML Configuration, respectively.
If you want to redirect to Admin Console from Microsoft Azure, enter the domain name of Admin Console in the Relay State column under Basic SAML Configuration:
Click Save
Click on the pencil to Edit User Attributes & Claims
Click Add new claim
Enter email as the Name (Note: the first letter of ‘email’ is lowercase), and for the Source attribute:
If you chose User principal name (UPN) as the Source attribute in the Foxit Admin Console, we suggest entering user.userprincipalname.
If you chose Email as the Source attribute in the Foxit Admin Console, we suggest entering user.mail.
If you are using email aliases in your Azure environment, set the Source attribute to user.primaryauthoritativeemail.
Note that the Foxit Editor uses the email account to log in, so please confirm that the value of the "email" attribute is the email address that users log in with. The email addresses in user.userprincipalname sometimes differ from those in user.mail, so make sure to use the correct one.
Click Add new claim again. Enter firstname as the Name and user.givenname as the Source attribute.
Click Add new claim again. Enter lastname as the Name and user.surname as the Source attribute.
The final configuration is as follows.
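An added example, not part of Foxit's instructions: once the claims above are saved, a decoded SAML response from a test sign-in can be checked for the three claim names exactly as configured. The function names and the sample assertion are constructed for illustration, and the script assumes the assertion is not encrypted.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstname", "lastname")  # claim names configured in step 2

# Constructed sample assertion (not captured from a real tenant): "Email" has the
# wrong case, and the surname was left under Azure's default URI-style claim name.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="Email">
   <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstname">
   <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
   <saml:AttributeValue>Ng</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def read_claims(xml_text):
    """Map each SAML Attribute name to its first value ('' if it has none)."""
    claims = {}
    root = ET.fromstring(xml_text)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        text = value.text if value is not None and value.text else ""
        claims[attr.get("Name", "")] = text.strip()
    return claims


def check_claims(claims):
    """Return a list of problems; an empty list means all three claims are usable."""
    problems = []
    for name in REQUIRED:
        if claims.get(name):
            continue
        if name in claims:
            problems.append(f"{name}: present but empty (source attribute not set for this user?)")
            continue
        # The steps above stress lowercase 'email', so report case-only near misses.
        near = [n for n in claims if n.lower() == name]
        hint = f"; found {near[0]!r}, check capitalisation" if near else ""
        problems.append(f"{name}: missing{hint}")
    return problems


if __name__ == "__main__":
    for line in check_claims(read_claims(SAMPLE)) or ["all required claims present"]:
        print(line)
```

An empty email value typically points to a user whose chosen source attribute (for example user.mail) is not populated in Azure.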
3. Copy information into Foxit Admin Console
Download the (Base64) Certificate under SAML Signing Certificate. (We will use it later)
Copy the Login URL and Azure ID Identifier.
In the Foxit Admin Console, enter:
- the Azure Login URL under Identity provider SSO URL,
- the Azure ID Identifier under Identity provider Entity ID,
- the contents of the (Base64) certificate under Public x509 certificate.
Click here if you don't know how to copy the contents of your certificate.