Microsoft Entra ID integration and SSO
Note: Microsoft ended support for Azure Active Directory Authentication Library (ADAL) in June 2023.
All 8.0 versions of FotoWeb On-Premises use the Azure Active Directory Authentication Library (ADAL) for Single Sign-on (SSO) with Microsoft Entra ID. FotoWeb 8.1 uses the newer Microsoft Authentication Library (MSAL) and is therefore supported by Microsoft. For security reasons and to ensure that SSO will continue to work, we recommend that all customers using FotoWeb On-Premises 8.0 and SSO with Microsoft Entra ID update to the FotoWeb version 8.1.
How it works
With Microsoft Entra ID (formerly Azure Active Directory) authentication, users and groups are managed in the Microsoft Azure portal in much the same way as on a Windows Active Directory server. Changes made to groups in Microsoft Entra ID are automatically implemented for the user the next time they log in.
Note: Users that are removed in AD are not removed from FotoWeb as there is no synchronization between Microsoft Entra ID and FotoWeb on the group level. This means users deleted in Microsoft Entra ID must be manually removed from FotoWeb.
Microsoft Entra ID integration involves the following steps:
- Adding the FotoWeb site to the Azure portal
- Enabling Microsoft Entra ID integration on the FotoWeb site
- Linking FotoWeb groups to an identity provider
- Assigning access to FotoWeb archives based on the groups you've imported
Note: When linking groups to your identity provider, users are not immediately added to the FotoWeb user database. Users will be linked the first time they log in.
Note: To connect the client to Microsoft Entra ID , you need to set up a secure connection, so FotoWeb needs to be configured with TLS (HTTPS) and a trusted certificate. For more information, see Configuring FotoWeb for secure connections.