Configuring the Customer Portal: To Enable SSO with an External Identity Provider for the Customer Portal

The following activity will walk you through the process of enabling single sign-on (SSO) to the Customer Portal instance with a Microsoft account.

Attention:
This activity is based on the U100 dataset. If you are using another dataset, or if any system settings have been changed in U100, these changes can affect the workflow of the activity and the results of the processing. To avoid any issues, restore the U100 dataset to its initial state.

Story

Suppose that SweetLife Fruits & Jams has decided to make it possible for your company's employees to sign in to the Customer Portal instance with an external identity provider. Acting as a system administrator, you need to configure the single sign-on capabilities with a Microsoft account because the company uses Microsoft Office services.

Configuration Overview

In the U100 dataset, on the User Roles (SM201005) form of MYOB Acumatica, the Portal Admin role (which provides full administrative privileges on the Self-Service Portal) has been assigned to the gibbs username, which belongs to Kimberly Gibbs, the system administrator in the SweetLife Fruits & Jams company.

Process Overview

In this activity, to enable SSO for the Customer Portal, you will register your Customer Portal instance with the identity provider and obtain the OAuth 2.0 credentials, including the client ID and client secret.

After that, you will register the credentials you obtain on the Identity Provider Preferences (SM201065) form of the Customer Portal.

System Preparation

Before you start to enable SSO with an external identity provider, do the following:

  1. Deploy the MYOB Acumatica application instance with the U100 dataset preloaded and the Customer Portal application instance on the same database.
  2. Register the MYOB Acumatica instance with Microsoft Account, as described in To Configure Microsoft Azure for Integration with Your MYOB Acumatica Instance. (If you were registering the instance with Google, you would perform the actions described in To Register an MYOB Acumatica Instance with Google.) Make a note of the client ID and client secret, which you will need further in the activity.
  3. Sign in to a Customer Portal company with the U100 dataset preloaded. You should sign in as a system administrator with the following credentials:
    • Username: gibbs
    • Password: 123

Step: Configuring and Enabling SSO in the MYOB Acumatica Instance

To configure and enable SSO, do the following in the Customer Portal:

  1. Open the Identity Provider Preferences (SM201065) form.
  2. In the table, do the following in the row of the Microsoft Account identity provider:
    1. To enable SSO with this identity provider, select the Active check box.
    2. In the Realm column, enter the full URL of your instance—for example, http://app.site.net/instance_name.
    3. In the Application ID column, paste the client ID generated by the identity provider.
    4. In the Application Secret column, paste the client secret generated by the identity provider.
  3. On the form toolbar, click Save.

    You have enabled the SSO functionality for the Customer Portal instance.