SAML Multi login configuration

FROM VERSION 3.51.0

What it's about

This configuration enables multiple XCALLY users to share a single SAML authentication account.
XCALLY supports associating multiple XCALLY users (Admin, Users, Agents) with the same Microsoft Azure account using SAML, so the Microsoft Azure user can use the XCALLY web interface and functionality according to the XCALLY user type.

Previously, the system supported associating a single Microsoft Azure user with a single XCALLY user, based on the email field configured on XCALLY.
This model instead allows easy-to-use SSO (single sign-on): the type of user can be changed without needing additional Microsoft accounts for supervisors, which reduces costs.

 

Configuration

You must have already configured SAML SSO standard access on Motion V3, the client and the .env file.

 

  1. Gather the admin credential for your Azure portal configuration 

  2. After configuring the SAML application as explained on the wiki (SAML SSO with Microsoft Azure), in the Attributes & Claims section you can add a new field to use for the multi login authentication.

The ssoid attribute has to be configured; in this case the Azure user email value has been assigned to the new attribute.
You can also use a value other than the email. If you are going to use the email, you can skip this step and use the email attribute directly in the .env configuration (see the next point).

  3. Edit the .env environment file, located at /var/opt/motion2/.env, and add the multi login parameter ssoid (avoid any space character):

  • XC_SAML_MULTI_USER_FIELD=ssoid 

As mentioned above, if you use the Azure user email as multi login attribute, instead of a custom value, you can use the email attribute directly: 
XC_SAML_MULTI_USER_FIELD=email 

  4. Save the .env file and restart the motion2 service from the server console:

su - motion
pm2 restart motion2

 

  5. With SAML SSO already enabled, edit every agent/admin/user that you want to associate with your Azure user and, in the Account/Authentication section, enter in the SAML ID field the value of the SSO ID attribute you want to use for the multi login. For example, if you decide to use the email field, enter the email of your Azure user and save the configuration.
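A pre-restart check for steps 3 and 4, as an added example (not XCALLY's own code): it confirms that the .env file sets XC_SAML_MULTI_USER_FIELD exactly once, with no space or carriage-return characters on the line. The function name check_multi_user_field and the sample files are constructed for illustration; only the variable name and the .env path come from this page.

```shell
#!/bin/sh
# Added example: validate the multi login setting before restarting motion2.
# check_multi_user_field is a hypothetical helper name, not part of XCALLY.
# Real use: check_multi_user_field /var/opt/motion2/.env && pm2 restart motion2

check_multi_user_field() {
    envfile=$1
    key=XC_SAML_MULTI_USER_FIELD
    [ -r "$envfile" ] || { echo "cannot read $envfile" >&2; return 2; }

    # Active (non-commented) definitions of the key; leading blanks are kept
    # so that the whitespace check below can reject them.
    lines=$(grep -E "^[[:space:]]*${key}[[:space:]]*=" "$envfile" || true)
    count=$(printf '%s' "$lines" | grep -c . || true)

    if [ "$count" -eq 0 ]; then
        echo "$key is not set in $envfile" >&2; return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "$key is set $count times; keep a single definition" >&2; return 1
    fi

    # The page asks for no space characters. A carriage return left by a
    # Windows editor is also whitespace and would become part of the value.
    if printf '%s' "$lines" | grep -q '[[:space:]]'; then
        echo "whitespace found in: $lines" >&2; return 1
    fi

    value=${lines#*=}
    [ -n "$value" ] || { echo "$key has an empty value" >&2; return 1; }
    printf '%s\n' "$value"
}

# Constructed sample files: the second has a space after '='.
demo=$(mktemp -d)
printf 'XC_SAML_MULTI_USER_FIELD=ssoid\n'  > "$demo/good.env"
printf 'XC_SAML_MULTI_USER_FIELD= ssoid\n' > "$demo/bad.env"
check_multi_user_field "$demo/good.env"
check_multi_user_field "$demo/bad.env" || echo "bad.env rejected"
rm -rf "$demo"
```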


 

Login on XCALLY

With this variable set in the .env file, the system searches for users whose SAML ID equals the value set in SSO ID.
From the login page, click the Login with SAML button: a popup lists the different users you can log in as, with their respective roles.

Just choose one and click on login.
