Microsoft Azure single sign-on with Mercell
...
Configure single sign-on Azure
...
To configure single sign-on with Azure, you need an Azure AD subscription and a Mercell SSO product.
In the Azure portal, on the left navigation panel, click the Azure Active Directory icon.
...
In the SAML Signing Certificate section, click the copy button to copy the App Federation Metadata URL and paste it into Notepad.
...
Click the Save button.
...
Select the Mercell application in Azure and select Users and groups.
...
Guide from Microsoft https://docs.microsoft.com/da-dk/azure/active-directory/saas-apps/media/mercell-tutorial/tutorial_general_203.png
...
...
Note to PowerShell on Azure
If you need to extract AD user information, you can do it with PowerShell. The methods are described in the Microsoft Azure documentation:
https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaduser?view=azureadps-2.0
...
Configure single sign-on Mercell website
Log in to the Mercell website as customer admin
Click on the company name
Click on the Single sign-on icon
...
The result should look something like this
Click save
Your SSO setup is now completed. (SSO enforcement is optional, but recommended)
SSO - The SSO Enforcement consequence
...
If you usually use your corporate intranet for SSO login, then do as before. If you use a URL from Mercell, or connect directly to https://my.mercell.com, then you only need to click on the button called «SSO login».
You will then have to enter your e-mail address as used in your company and click «Login». You will then be redirected to your own local SSO server to enter your password. The "Remember me" checkbox can be used to ensure that a user accessing Mercell.com is redirected directly to your own local SSO server. If login fails at the local SSO server, the user can access this page again and make changes.
After you have entered your password on your local corporate SSO server, you will be redirected back to Mercell, where you are now automatically logged into our portal.
You arrive either at your usual starting homepage, or at the specific Mercell URL you originally clicked on.
...
...
For the customer's IT-department. Map own users
Script for extracting the users that need to be mapped to Mercell:
Get-ADUser -Filter * | Format-Table Name,UserPrincipalName > C:\test\test.txt
(Preferably write the output to a CSV file instead of a text file.)
The result should look like this:
Rabattavtale NO rabattavtale@mercell.com
IUSR_web1 IUSR_web1@mercell.com
PdfADev pdfadev@mercell.com
Test VPN tv@mercell.com
This script is used to do an AD BIND, which ensures that your existing users in our portal are not asked to register as new users when they start using SSO. As customer administrator, you can import this by first using "Export users". This exports an Excel file in which only "User ID" is editable.
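An added example (not Mercell's or Microsoft's script) of producing the CSV variant mentioned above: Format-Table output is formatted for display and can truncate columns, so the rows are checked and written with Export-Csv instead. The function name ConvertTo-SsoMappingRow, the sample rows, the output path and the choice to skip disabled accounts are assumptions.

```powershell
# Added example. Function name, sample data and output path are hypothetical.
function ConvertTo-SsoMappingRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    begin { $seen = @{} }   # UPN -> first account name seen with that UPN
    process {
        $upn = "$($User.UserPrincipalName)".Trim()
        # Accounts without a UPN cannot be matched to an SSO login: report and skip.
        if (-not $upn) {
            Write-Warning "Skipped '$($User.Name)': no UserPrincipalName"
            return
        }
        # Assumption: disabled accounts should not be mapped to portal users.
        if ($User.Enabled -eq $false) {
            Write-Warning "Skipped '$($User.Name)': account disabled"
            return
        }
        # Compare UPNs case-insensitively; a repeat would map two users to one ID.
        $key = $upn.ToLowerInvariant()
        if ($seen.ContainsKey($key)) {
            Write-Warning "Duplicate UPN '$upn' on '$($User.Name)' and '$($seen[$key])'"
            return
        }
        $seen[$key] = $User.Name
        [pscustomobject]@{ Name = $User.Name; UserPrincipalName = $upn }
    }
}

# Constructed sample rows (example.com) standing in for Get-ADUser output.
$sample = @(
    [pscustomobject]@{ Name = 'Anna Berg';  UserPrincipalName = 'anna.berg@example.com'; Enabled = $true }
    [pscustomobject]@{ Name = 'A. Berg';    UserPrincipalName = 'Anna.Berg@example.com'; Enabled = $true }
    [pscustomobject]@{ Name = 'Old Intern'; UserPrincipalName = 'intern@example.com';    Enabled = $false }
    [pscustomobject]@{ Name = 'svc_backup'; UserPrincipalName = $null;                   Enabled = $true }
)
$sample | ConvertTo-SsoMappingRow |
    Export-Csv -Path .\sso-mapping.csv -NoTypeInformation -Encoding UTF8

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * | ConvertTo-SsoMappingRow |
#     Export-Csv -Path .\sso-mapping.csv -NoTypeInformation -Encoding UTF8
```

Review the warnings before importing the mapping, since each skipped or duplicate account is one that would otherwise not match a single portal user.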
Before starting the implementation, it is advisable to first hold a startup meeting with Mercell, as there is some planning involved, and some steps to understand in order to avoid duplicate problems or problems with users.
There is also a large impact on the processes for creating new users, both before, during and after the production. The success of the implementation will be determined by good control of the monitoring of this, as well as good communication with all relevant users involved.
...
...
New Users
...
The default action is to create a new contact. The user is created and can then be found under customer contacts. Note that the user does not have an order, so uncheck "Only users on order" and the user can be found in the contacts list.
...
The second option is to decline users who are unknown in the Mercell portal. If you want to add users, an administrator can create the user manually and map them manually as described in section 4.
The third option is to let users who are unknown in the Mercell portal in as semi-anonymous users (this is an alternative to IP restricted access). This allows these users to see agreements that are marked with: Show to intern IP/SSO restricted users.
...
| Ver.no | Date | Changed by (Doc.owner) | Page | Change | Status | Approved by | Approved date |
|---|---|---|---|---|---|---|---|
| V4 | 22.06.2018 | KE | All | Updated with option for several customers on one connection, option to map user on contact. Updated screenshots and description for better user understanding. | Approved | CTO | 26.06.2018 |
| V 4.1 | 02.11.2018 | KE | | Enhanced sections 2 and 4 | Approved | CTO | 02.11.2018 |
| | 17.06.2019 | KE | 10 | Added section about semi anon user | | | |