Access Control Service, or Windows Azure Access Control Service (ACS), is a cloud-based service owned by Microsoft that provides secure and easy user authentication and authorization for access to web applications. It simplifies application development and lets users log in to multiple applications with fewer authentication prompts.
Unlike other Single Sign-On services, ACS offers third-party login via social media platforms such as Yahoo, Gmail, Windows Live, etc., along with Corporate Login.
Note that ACS can only be configured if ADFS 2.0 is configured. Click on How To Setup SSO Using ADFS 2.0 to learn more.
Configuration consists of the following two sections, each of which contains detailed steps:
- Configuration on AccessControlManagement
- Configuration on VIDIZMO
Relying Party Configuration in AccessControlManagement
2. At Sign In page:
i. Enter your email address.
ii. Click on Continue.
3. It will look for your account. Once done:
i. Enter your Email Address and Password.
ii. Click on Sign in.
4. After successfully logging in, click on Relying party applications.
5. On the Relying Party Applications page, click on Add. A relying party application is the website or application for which you want to use ACS to implement federated authentication. In this case, the VIDIZMO Account/Channel is the relying party application.
6. At Add Relying Party Application page:
i. Enter a display name for this relying party application.
ii. Enter the Realm URL. Here, you will enter your Account/Channel URL for which ACS will issue a valid security token. The URL will be: Http://[your VIDIZMO domain]
iii. Enter the Return URL to which ACS will redirect the users for signing in. The URL will be: Http://[your VIDIZMO domain]/Handlers/Signinhandler.ashx
iv. Enter the Error URL to which ACS will redirect users if an error occurs during the signing in process. The URL will be: Http://[your VIDIZMO domain]/Handlers/Signinhandler.ashx
7. From the dashboard, click on Identity providers.
8. At Identity Providers page, click on Add to add the identity provider that will authenticate users for the relying party application created above.
9. You will be redirected to the Add WS-Federation Identity Provider page. Here:
i. Enter a display name for your identity provider.
ii. Enter the URL for WS-Federation metadata document for your server.
iii. Enter the text to display for the login link for this identity provider.
10. Click on Next to proceed.
11. Click on Rule groups from the Dashboard.
12. Select a rule group from the list.
13. You will be redirected to the Edit page of that Rule Group. Click on Generate to generate the claims.
14. At Generate Rules page:
i. Select the identity provider for which you want to generate rules.
ii. Click Generate.
15. The rules will be generated.
16. Click on Save to update the changes.
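The Realm, Return URL and Error URL entered in step 6 decide where ACS delivers the security token, so it is worth checking them against each other before saving. The following Python check is an added example, not VIDIZMO or Microsoft code; the function names are hypothetical, and the case-insensitive path comparison is an assumption.

```python
from urllib.parse import urlsplit

# Handler path as given in step 6 of this page.
HANDLER_PATH = "/Handlers/Signinhandler.ashx"


def _parse(url):
    """Return (parts, origin) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # urlsplit already lower-cases the scheme and hostname.
    return parts, (parts.scheme, parts.hostname, port)


def check_relying_party(realm, return_url, error_url):
    """Return a list of problems found in the three step-6 values."""
    parsed_realm = _parse(realm)
    if parsed_realm is None:
        return ["Realm is not an absolute http(s) URL"]
    realm_parts, realm_origin = parsed_realm
    problems = []
    if realm_parts.path.strip("/"):
        problems.append("Realm should be the bare Account/Channel URL")
    for name, url in (("Return URL", return_url), ("Error URL", error_url)):
        parsed = _parse(url)
        if parsed is None:
            problems.append(f"{name} is not an absolute http(s) URL")
            continue
        parts, origin = parsed
        # A token must only be sent back to the site it was issued for.
        if origin != realm_origin:
            problems.append(f"{name} is not on the realm's scheme and host")
        # Assumption: the handler path is matched case-insensitively.
        if parts.path.lower() != HANDLER_PATH.lower():
            problems.append(f"{name} path is not {HANDLER_PATH}")
        if parts.query or parts.fragment or parts.username:
            problems.append(f"{name} carries a query, fragment or userinfo")
    return problems
```

An empty list means the three values agree with the pattern in step 6; any entry names the field to correct before clicking Save.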
Service Provider Configuration in VIDIZMO
1. At Account/Channel Homepage, go to Admin >> Settings.
2. At Settings page, click on Login tab.
3. Click on Enable under 3rd Party Login box.
i. Enter the ACS URL.
ii. Click on Done.
5. Now click on Enable under Trusted Domains box.
6. At Trusted Domains:
i. Enter the ACS URL in the text box.
ii. Select the Allow embedding on above domain(s) only check box.
iii. Click on Done.
7. Click on Update to save changes.
8. A message will appear stating: Channel details have been updated successfully.