Hi. This is Ghazwan Khairi, principal architect for Dell Software. Today we'll take a look at how to configure Microsoft SharePoint for use with Dell One Identity Cloud Access Manager. It's a fairly straightforward process. It's a three step process.
The first step includes installing Cloud Access Manager, so we're not going to cover that. Second step is adding SharePoint as an application to Cloud Access Manager so that users can start accessing it. And the third step is configuring SharePoint Server for work or for use with Cloud Access Manager. So we'll take a look at the second and third step.
The second step is creating or configuring SharePoint application in Cloud Access Manager. So let's take a look at that. I'm going to login to my Cloud Access Manager, and I'm going to log in as Administrator. You do want to login as Administrator because that's the only way for you to be able to add an application. We're going to click on Cloud Access Manager Administration. And under the Applications section we're going to go ahead and click on Add New, to add a new application.
What you're going to notice is a number of applications that you can use. These are templates that are kind of configured and shipped with Cloud Access Manager, and we're going to be setting this up for SharePoint 2010/2013. This is going to make the process much easier than if we were to do things manually, which is another option.
But we're going to use the template Settings SharePoint 2010/2013. The first thing is entering the SharePoint web application URL, mine is fairly straightforward, which I'm sure yours will be the same thing as well-- it is SharePoint port 80. So the name of the web application is SharePoint. And then the site folder. And that's the managed path sites, if there are any, slash and the name of the site collection I have is ATeam. So it's sharepoint/sites/ATeam.
And then, Please enter the realm SharePoint will use to identify itself. This is any variable that you want to type in here, just make sure you remember that, because this will be passed eventually on the third step when we're configuring SharePoint. It must start with urn and then can be anything. Typically, it's the name of the server dash the web application name, but I'm just going to say slash SharePoint. Actually, not even use caps or anything, just do SharePoint. OK? We're going to configure the application now.
So in this subject mapping you must specify an attribute from which Cloud Access Manager will derive the user name for login. In this example, we're going to use mail, and typically if you were to search online on how to configure SharePoint for SAML and Windows Federation Authentication you're going to find most cases use mail as well. So we're going to go ahead and click Next. Here in the claims mapping section there's nothing we need to do here, everything is kind of configured by the template that's the nice thing about using this template. So what we're going to do is simply click on Next.
In the permissions section, this is where you control which users can access the application. By default, if this is done for internal employees you want to add to everyone in Active Directory-- all the users group in Active Directory-- to have access to this. But you can restrict access, and access is restricted by AD groups, or whichever way you want to restrict access. It doesn't matter how users have logged in to Cloud Access Manager, there are different authentication methods so you can restrict access that way as well. In my case, I'm going to add administrator, and I'll go ahead and give users access to SharePoint.
The Application Name-- in my case, I'm just going to keep it as a SharePoint. So this is the application name you can call it SharePoint, you call it ATeam site, you can call it SharePoint 2013, totally up to you. And we're going to go ahead and click Next.
And what you notice is the Cloud Access Manager already fetched the icon for SharePoint. Typically you don't see that, you see a clip icon in here, and you come to the bottom and say, Fetch icon from the application. This is going to go to SharePoint, come back and say, OK I know what this icon looks like, and attach it next to it.
This is the address of where we're going to be logging in, so just make sure it's right, which is true-- SharePoint port 80 slash sites slash ATeam. And this is the title of it is SharePoint. And I could say ATeam, or I could put this in the description, this is Access to ATeam Site Collection. And we'll go ahead and click Finish.
When we click Finish, what's going to happen is Cloud Access Manager is going to generate a certificate for us. And it's asking us to download the certificate. We're going to go ahead and download the certificate.
We're going to go ahead and copy this eventually to the SharePoint server, put it on a location in the SharePoint server, because we will be referencing it from PowerShell, when we define our new authentication provider. And then also keep a note of at the end point URL. So three things to keep note of-- the realm of SharePoint, which is urn colon SharePoint my example, the endpoint URL, and the certificate-- go ahead and download the certificate.
So I'm going to copy the certificate and then switch over to the SharePoint server and start working on the third, and final, step. OK? So I'm on the SharePoint server right now. What we're going to do is configure SharePoint 2013 by first launching the SharePoint 2013 Management Shell. So let us go, Start, Management Shell, and I like to run this as Administrator. And we're going to
