SAML 2.0

This section is complementary to the step 11 in Installing the Web Application and Distribution.

It is possible to associate Nectari to an SSO server using SAML2 protocol.

Important

SAML2 will not work with Web Central Point Configurator and DataSync.

SAML2 is only available On-Premise installation.

Many service providers offer SSO.

For example, the following procedure is given by Microsoft for Azure SSO (click here for more details).

  1. Add an unlisted application Azure AD Single Sign-On .
  2. Enter the following information:
  3. The next screen provides the following information:
    • A certificate to save in:C:\inetpub\wwwroot\WebClient\App_Data.
    • Issuer URL: copy and paste to the line ID Provider Issuer Name.
    • Single Sign-ON Service URL: copy and paste to the line ID Provider URL.
    • Single Sign-OUT: note that Single Sign Out is currently not available. Sign out of Nectari has to be done in its own application.
Note

A field with the login for Nectari must also be defined. This name has to match with the line for SAML2 answer’s attribute for user name. This is used for SSO with Active Directory.

Example

Here, the name is mailnickname:

Note

More details on this setting can be found here.

  1. The last step is to authorize users to use the application. Then they will be able to connect to Nectari at the same time than their other services.
Important

Web Browsers have updated their policy regarding Cookies and these changes must be applied to your Web Client if you want Nectari embedded into your ERP website, or use Single Sign-On (SSO). Refer to Cookie Management for more details.