Configuring Single Sign-On (SSO) in iCFM (for Experts)

This user guide will walk you through configuring Single Sign-On (SSO) for CETA iCFM using Azure Active Directory, Okta, or JumpCloud as the identity provider

Accessing the SSO Configuration Page:

• Log in to CETA iCFM with an administrator account
• Click on the main menu and select Admin Options
• From Admin Options, select SSO Configuration
• Within SSO Configuration, select Azure, Okta, or JumpCloud The right-hand panel will display input fields for the selected identity provider

Configuring Azure Active Directory SSO:

1. Create a New Application in the Azure Portal

• Go to Azure Portal and sign in with your Azure credentials
• Navigate to App registrations (direct link)
• Click + New registration
• Enter CETA Cloud as the application name
• For Supported account types, select the appropriate option (typically Accounts in this organizational directory only)
• Under Redirect URI, select Weband enter:
  • Login callback:https://{client-name}cetacloudtv/login/azure/callback
  • Artist Access callback (if applicable):https://{client-name}cetacloudtv/artistaccess/auth/azure/callback
• Click Register

2. Obtain Required Azure Credentials

• Copy the Application (client) ID from the Overview page
• Navigate to Certificates & secrets and create a new Client Secret Copy the Value immediately
• Copy the Directory (tenant) ID from the Overview page

3. Check and Configure API Permissions

• Navigate to API Permissions > Add a permission > Microsoft Graph > Delegated permissions
• Ensure the following permissions are added:
  • email - View users' email address
  • openid - Sign users in
  • profile - View users' basic profile
  • UserRead - Sign in and read user profile
• Click Grant admin consent for {your organization} and confirm

4. Configure CETA iCFM with Azure Active Directory

• In CETA iCFM, go to SSO Configuration
• Select Azure as the SSO provider
• Enter the Tenant ID, Client ID, and Client Secret
• Click Save

Configuring Okta SSO:

1. Create a New OIDC Application in Okta

• Log in to the Okta Developer Console
• Navigate to Applications > Add Application
• Select Web as the platform and click Next
• Enter CETA Cloud as the application name
• Enter the following URIs:
  • Base URI:https://{client-name}cetacloudtv
  • Login redirect URI:https://{client-name}cetacloudtv/login/okta/callback
  • Artist Access callback (if applicable):https://{client-name}cetacloudtv/artistaccess/auth/okta/callback
• Click Done

2. Obtain Required Okta Credentials

• Copy the Client ID and Client Secret from the General tab
• Copy the Org URL from the Dashboard

3. Configure CETA iCFM with Okta

• In CETA iCFM, go to SSO Configuration
• Select Okta as the SSO provider
• Enter the Client ID, Client Secret, and Org URL
• Click Save

Configuring JumpCloud SSO:

1. Create a New OIDC Application in JumpCloud

• Log in to the JumpCloud Admin Portal
• Navigate to Applications > + Add New
• Select Custom OIDC App
• Enter CETA Cloud as the application name
• Enter the following URIs:
  • Redirect URI:https://{client-name}cetacloudtv/login/jumpcloud/callback
  • Artist Access callback (if applicable):https://{client-name}cetacloudtv/artistaccess/auth/jumpcloud/callback
• Click Activate

2. Obtain Required JumpCloud Credentials

• Copy the Client ID and Client Secret from the Settings tab

3. Configure CETA iCFM with JumpCloud

• In CETA iCFM, go to SSO Configuration
• Select JumpCloud as the SSO provider
• Enter the Client ID and Client Secret
• Click Save

Summary:

Now you have successfully configured Single Sign-On for CETA iCFM using Azure Active Directory, Okta, or JumpCloud