Setting Up External Vendors through Azure AD B2B for Enterprise Portal AX 2012 R3 Access

BorisD

This article will guide you through setting up your external vendors through Azure AD B2B and Azure SAML SSO so that they can access your Dynamics AX 2012 R3 Enterprise Portal site. In the previous article we discussed how to set up your Enterprise Portal site to work with Azure AD and Azure SAML SSO. This article assumes you have completed these steps already. If you haven't done this yet, please go to https://community.dynamics.com/ax/b/ax2012administration/archive/2019/02/08/enterprise-portal-site-with-azure-ad-amp-azure-saml-sso-authentication and complete all steps first.

To add an external vendor to access your Enterprise Portal site, go to https://portal.azure.com and log on to your Azure AD subscription and SharePoint on-premises single sign-on enabled subscription.

Setup External Vendor in Azure AD:

Click on Azure Active Directory, select Users and then select New guest user.

Type the external vendor's email address. You can use any Microsoft, Gmail or Yahoo email address that the external vendor has.

Click Invite

Assign new External Azure AD user access to your Enterprise Application:

Go to Enterprise applications, select All applications.

In the applications list, type and select the name of the application you created when you first set up Azure SAML SSO.

In the menu on the left, select Users and groups.

Click the Add user button, then select Users and groups in the Add Assignment dialog.

In the Users and groups dialog, search for the external vendor's AD user you created, click the user in the list, then click the Select button at the bottom of the screen.

If you are expecting any role value in the SAML assertion, then in the Select Role dialog select the appropriate role for the user from the list, then click the Select button at the bottom of the screen.

In the Add Assignment dialog click the Assign button.

Grant External Vendor access to your on-premises SharePoint 2013: 

The external vendor would have received an email with the invitation to enroll their account to access the Enterprise Portal site. 

Once they enroll their account, they will see an address like joedoe_live.com#EXT#@Contoso.onmicrosoft.com.

The external user needs to record that address and send it to the person who will set them up in SharePoint 2013 and Dynamics AX 2012.

Without this unique address the authentication won't work in Dynamics AX 2012.

Log on to the SharePoint 2013 server that is hosting the external Enterprise Portal Site. 

  • In Central Administration, click Application Management.
  • On the Application Management page, in the Web Applications section, click Manage web applications.
  • Click the appropriate web application, and then click User Policy.
  • In Policy for Web Application, click Add Users.

  • In the Add Users dialog box, click the appropriate zone in Zones, and then click Next.
  • In the Policy for Web Application dialog box, in the Choose Users section, click the Browse icon.
  • In the Find textbox, type the sign-in name for a user in your directory and click Search. Example: joedoe_live.com#EXT#@Contoso.onmicrosoft.com.
  • Under the AzureAD heading in the list view, select the name property and click Add then click OK to close the dialog.
  • In Permissions, click Full Control.

  • Click Finish, and then click OK.

Create a Claims user in Dynamics AX 2012:

  • In the Dynamics AX 2012 application, navigate to System administration > Common > Users > Users and click New User.

Note: The User name should be the email address, and the Alias field must be in the unique format, for example: joedoe_live.com#EXT#@Contoso.onmicrosoft.com. The Network domain must be the SPTrustedIdentityTokenIssuer you have specified, for example: AzureAD. The Account type must be Claims user. The Default company can be whatever options you have available to you in the drop-down, and Security can be one of the built-in roles or a custom role your organization has created.

Once you have completed these steps, the external user will be able to authenticate using their personal or work email address to access your Claims Aware Enterprise Portal Site. 
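
The field rules in the Note above can be checked mechanically before the vendor's first sign-in. The following Python check is an added example, not code from this article or from Microsoft; the record field names, the `issuer` and `tenant` defaults, and the rule that the `@` of the invited address becomes `_` in the guest sign-in name (as the joedoe example suggests) are assumptions.

```python
import re

# Shape from the article's example: joedoe_live.com#EXT#@Contoso.onmicrosoft.com
GUEST_RE = re.compile(r"^(?P<mangled>[^@#\s]+)#EXT#@(?P<tenant>[A-Za-z0-9.-]+)$")


def guest_email(sign_in_name):
    """Return the invited e-mail address embedded in a guest sign-in name, or None."""
    m = GUEST_RE.match(sign_in_name)
    if not m:
        return None
    # Assumption: the '@' of the invited address became '_'. Domain names hold no
    # '_', so the LAST underscore is that separator even if the mailbox has more.
    local, sep, domain = m.group("mangled").rpartition("_")
    if not sep or not local or "." not in domain:
        return None
    return f"{local}@{domain}"


def check_ax_claims_user(user, issuer="AzureAD", tenant="Contoso.onmicrosoft.com"):
    """Return a list of problems with one AX user record (dict); empty means consistent."""
    problems = []
    alias = user.get("alias", "")
    email = guest_email(alias)
    if email is None:
        problems.append("alias is not in the <name>_<domain>#EXT#@<tenant> format")
    else:
        if not alias.lower().endswith("#ext#@" + tenant.lower()):
            problems.append("alias belongs to a different tenant")
        if email.lower() != user.get("user_name", "").lower():
            problems.append("user name does not match the address inside the alias")
    if user.get("network_domain") != issuer:
        problems.append("network domain is not the SPTrustedIdentityTokenIssuer name")
    if user.get("account_type") != "Claims user":
        problems.append("account type is not 'Claims user'")
    return problems


# Constructed sample records (hypothetical field names, not real accounts).
SAMPLES = [
    {"user_name": "joedoe@live.com", "alias": "joedoe_live.com#EXT#@Contoso.onmicrosoft.com",
     "network_domain": "AzureAD", "account_type": "Claims user"},
    {"user_name": "joe_doe@live.com", "alias": "joe_doe@live.com",
     "network_domain": "CONTOSO", "account_type": "Active Directory user"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["user_name"], check_ax_claims_user(rec) or "OK")
```

The second sample shows the common mistake of entering the plain email address as the Alias, which the check reports together with the wrong Network domain and Account type.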
