This article provides directions to configure Single Sign On in Manuscript using Azure Active Directory as your identity provider. In order to get started, you’ll need an Azure Active Directory account.

Configuring Azure Active Directory

Once you’ve logged into your Microsoft Azure portal, use the sidebar to navigate to Azure Active Directory. Click “Enterprise Applications”. Right click in the pane below the list of available apps and then click “Add”.

Next, choose “Non-Gallery Application” under the “Add your own app” header and give the application a name (e.g. “Manuscript”), then click “Add”.

Click “Configure single sign-on”.

Choose “SAML-based Sign-on” in the top drop-down. Then, add the Identifier URL.

  • Manuscript On Site: https://{site name}.{host}/saml-sp (https if using SSL).
  • Manuscript: https://{your-manuscript-domain}.manuscript.com/saml-sp.

Next, add the Reply URL.

  • Manuscript On Site: https://{site name}.{host}/auth/SAML2/POST (https if using SSL).
  • Manuscript: https://{your-manuscript-domain}.manuscript.com/auth/SAML2/POST

You’ll also need to add the user attributes that Manuscript expects. You can delete any other attributes, but it isn’t necessary.

  • FogBugzFullName – which likely maps to user.userprincipalname
  • FogBugzEmail – which likely maps to user.mail (This will depend on your Azure Active Directory settings.)

Make sure the “Notification Email” field is correct. It should be pre-populated with the email address associated with your Azure account.

Click “Create new certificate” and set an expiration date in the future. You’ll have to do this again before the expiry date.

Click “Make new certificate active”, then click “Save” at the top of the form. Confirm when prompted to make the new certificate active again.

Download the certificate and open it in a text editor. You may need to change the file extension to .txt if it won’t allow you to select your text editor when opening.

Click the “Configure Manuscript” link toward the bottom of the page, and keep the “SAML Single Sign-On Service URL” available to you as you configure Manuscript.

Configuring Manuscript

Click the “Authentication” tab at “Settings” > “Site Configuration”. Choose either:

  • “Username and Password or SAML Authentication” to allow your users to choose their authentication type
  • “SAML Authentication” to require your users to always use SAML SSO

Copy/paste the SAML Single Sign-On Service URL into the “Identity Provider URL” field.

Copy/paste the full text of the certificate you downloaded into the “Public x509 Signing Certificate” field.

Click “OK”, and you should be all set up!
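If the first sign-in fails, the following added example (not code from Manuscript or Microsoft) checks a captured SAMLResponse against the values configured above: the Reply URL, the Identifier URL, and the two FogBugz attributes. It assumes you copied the base64 SAMLResponse form field from your browser's developer tools; the function name, the example.manuscript.com domain and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("FogBugzFullName", "FogBugzEmail")  # attribute names from the article

def check_saml_response(b64_response, identifier_url, reply_url):
    """List configuration problems in a base64 SAMLResponse. Diagnostic only: no signature check."""
    xml_text = base64.b64decode(b64_response).decode("utf-8")
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["response contains a DTD; refusing to parse"]  # SAML messages never need one
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != reply_url:
        problems.append(f"Destination is {root.get('Destination')!r}, expected the Reply URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if identifier_url not in audiences:
        problems.append(f"Audience {audiences} does not include the Identifier URL")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text and v.text.strip()]
        attrs[attr.get("Name")] = values
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):  # absent, or present with no usable value
            problems.append(f"attribute {name} is missing or empty")
    return problems

# Constructed sample, not a real IdP response; example.manuscript.com is a placeholder domain.
IDENTIFIER = "https://example.manuscript.com/saml-sp"
REPLY = "https://example.manuscript.com/auth/SAML2/POST"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{REPLY}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{IDENTIFIER}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FogBugzFullName"><saml:AttributeValue>Ada Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="FogBugzEmail"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE_B64, IDENTIFIER, REPLY):
        print("PROBLEM:", problem)
```

The constructed sample carries an empty FogBugzEmail value, which is what the check reports for an account whose mapped source attribute has no value.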