An On-Premise Communifire installation supports Active Directory integration for single-sign-on (SSO). After integration, users can log into your intranet without having to register for an account, and their data will be automatically imported. Your intranet will use Windows Authentication to verify users — no login required.
This page covers information about Active Directory SSO, walks you through how to configure Active Directory SSO on your intranet, and provides solutions to common issues. For more information or assistance from the Axero team, submit a private case.
On visiting your intranet, users will be prompted to log in with their username and password.
Internet Explorer
Chrome
Firefox
Note: To enable automatic login in Chrome and Firefox, Internet Explorer must be configured to pass credentials via group policy. See the setup guide below for how to configure automatic login in Windows.
Session expiration
By default, the session expires 30 days from the date of login. You can control when the session expires using System Properties > FormsAuthPersistentCookieTimeOutInMinutes. By default this value is set to 43200, which is 30 days. When the property MakePermanentCookieForThirdPartyLogin is set to true, a cookie is generated for the user that expires based on the value found in FormsAuthPersistentCookieTimeOutInMinutes. If MakePermanentCookieForThirdPartyLogin is set to false, the user will be logged out when the browser is closed.
Note: Automatic login is not supported on Mac.
Users must use their Active Directory username and password to log into the app. The username must be entered as DOMAIN\username, where DOMAIN is the Active Directory domain name.
A user is created in Communifire when the user logs in for the first time. You can add users to Communifire before they log in using the methods below.
Bulk import users
Pre-populate users before Active Directory setup or launch with Bulk Import Users. The Communifire usernames you create must match the usernames in Active Directory. Note that the domain (DOMAIN\username) is excluded when we create a user in Communifire. Only the username is stored.
Add users
Add users in Control Panel > People > Manage People > Add User. The Communifire username you create must match the username in Active Directory.
REST API
You can use our REST API to import users.
Adding Communifire administrator accounts
If Communifire administrator accounts are created before Active Directory is set up and the Communifire usernames match Active Directory usernames, the administrator accounts will sync with the corresponding Active Directory accounts. If not, you will need to re-configure permissions for the admin Active Directory accounts and remove the previous Communifire administrator accounts.
Groups in Active Directory are imported to Communifire as top-level Roles and assigned to users. You can use User Space Assignment Rules to automatically add users to spaces based on their roles. When a user is added to or removed from an Active Directory group, their Communifire roles are updated.
See the Configure Group Import section in the setup guide below for how to import Active Directory groups as Communifire roles.
Any data can be imported from Active Directory, as long as there are corresponding User Profile Fields in Communifire. Attribute mappings must be added to Control Panel > System > Sync Active Directory Data > Mapping. Enter the outgoing claim type as the property name in Communifire. See the table below for common fields to import.
You can also use the REST API to import user data.
Profile pictures
You can prevent Active Directory profile pictures from being imported to Communifire to allow users to change their Communifire profile picture. Set System Properties > ADSyncProfilePicture to false.
Active Directory imports user data when the user first logs in. User data is synced every 120 minutes by default. You can set the sync interval by editing ActiveDirectorySyncManagerInterval in System Properties. You can sync data immediately at any time in Control Panel > System > Sync Active Directory Data > Sync Now.
When a user is disabled in Active Directory, this information is not sent to Communifire. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User, which will prevent the user from logging in, but will retain their content.
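Because a disabled Active Directory account is not reported to Communifire, comparing the two user lists shows which accounts still need Delete User or Ban User. The PowerShell below is an added example, not Axero code; the function name and both sample lists are constructed, and how you export the Communifire usernames is an assumption.

```powershell
# Added example (not Axero code): list Communifire accounts whose AD account is disabled.
# Assumption: the Communifire usernames come from an export you produce yourself.

function Get-DisabledButPresent {
    param(
        [Parameter(Mandatory)][string[]]$CommunifireUserName,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$DisabledSamAccountName
    )
    # Account names in Active Directory are case-insensitive, so compare that way.
    $disabled = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($name in $DisabledSamAccountName) { [void]$disabled.Add($name.Trim()) }

    foreach ($user in $CommunifireUserName) {
        # Communifire stores only the username; drop a DOMAIN\ prefix if the export has one.
        $bare = ($user -split '\\')[-1].Trim()
        if ($disabled.Contains($bare)) { $bare }
    }
}

# Constructed sample data. Against a live domain, fill the second list with:
#   Search-ADAccount -AccountDisabled -UsersOnly | Select-Object -ExpandProperty SamAccountName
$communifireUsers = 'jsmith', 'ADQA\mlee', 'apatel'
$disabledInAd     = 'MLee', 'oldcontractor'

# Each name returned still exists in Communifire and is disabled in Active Directory.
Get-DisabledButPresent -CommunifireUserName $communifireUsers -DisabledSamAccountName $disabledInAd
```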
By default, Communifire ships with FormsAuthentication for user authentication and authorization. In order to use Windows Authentication instead of FormsAuthentication, follow the guide below.
Client-side setup is estimated to take 1-2 hours and Axero team setup is estimated to take 1-2 hours. The time to set up SSO can vary based on how long it takes to set up internal systems and to provide the Axero team with required information. The total time for setting up SSO may take up to 1-2 business days.
Once you complete the guide, Active Directory SSO will be active on your intranet. If you run into any issues, submit a case here for assistance.
<modules runAllManagedModulesForAllRequests="true">
<remove name="WindowsAuthentication" />
<configuration>
  ...
  <system.web>
    ...
    <authentication mode="Windows" />
    <authorization>
      <deny users="?"/>
    </authorization>
    ...
  </system.web>
  ...
</configuration>
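A check for the settings above, as an added PowerShell example (not Axero code): it confirms the authentication mode and that anonymous users are denied before any allow rule can match them, since ASP.NET applies the first matching authorization rule. The function name and both sample documents are constructed.

```powershell
# Added example (not Axero code): verify that web.config enforces Windows Authentication.
# Only the root <system.web> section is inspected; <location> overrides are not covered.

function Test-WindowsAuthConfig {
    param([Parameter(Mandatory)][xml]$WebConfig)

    $sysWeb = $WebConfig.SelectSingleNode('/configuration/system.web')
    if ($null -eq $sysWeb) { return 'system.web section not found' }

    $findings = @()
    $auth = $sysWeb.SelectSingleNode('authentication')
    if ($null -eq $auth -or $auth.GetAttribute('mode') -ne 'Windows') {
        $findings += 'authentication mode is not "Windows"'
    }

    # ASP.NET applies the first matching authorization rule, so the deny for
    # anonymous users ("?") must come before any allow that also matches them.
    $authz = $sysWeb.SelectSingleNode('authorization')
    $rules = @()
    if ($null -ne $authz) {
        $rules = @($authz.ChildNodes | Where-Object { $_.NodeType -eq 'Element' })
    }
    $anonymousDenied = $false
    foreach ($rule in $rules) {
        $users = @($rule.GetAttribute('users') -split ',' | ForEach-Object { $_.Trim() })
        $matchesAnonymous = ($users -contains '?') -or ($users -contains '*')
        if ($rule.LocalName -eq 'deny'  -and $matchesAnonymous) { $anonymousDenied = $true; break }
        if ($rule.LocalName -eq 'allow' -and $matchesAnonymous) { break }
    }
    if (-not $anonymousDenied) {
        $findings += 'anonymous users are not denied before an allow rule matches them'
    }
    $findings
}

# Constructed samples: the first mirrors the snippet above, the second uses Forms
# authentication and places an allow-all rule ahead of the deny.
$good = [xml]'<configuration><system.web><authentication mode="Windows" /><authorization><deny users="?"/></authorization></system.web></configuration>'
$bad  = [xml]'<configuration><system.web><authentication mode="Forms" /><authorization><allow users="*"/><deny users="?"/></authorization></system.web></configuration>'

"good: $(@(Test-WindowsAuthConfig $good).Count) finding(s)"
Test-WindowsAuthConfig $bad
```

To check a deployed site, pass the parsed file instead of a sample, for example `[xml](Get-Content -Raw <path to web.config>)`.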
Follow the steps below to enable the Export as PDF feature.
<!-- Set HttpAuthenticationUsername and HttpAuthenticationPassword to the credentials
     of the app pool user so that the PDF converter can pass them when generating a PDF.
     Double-check the username and password; if they are wrong, the PDF will show
     missing images and CSS. -->
<add key="HttpAuthenticationUsername" value="my.domain.com\Communifire"/>
<add key="HttpAuthenticationPassword" value="@bcd1234"/>
In IIS:
This section provides instructions for configuring folder permissions in Windows to enable certain Communifire features and functions.
Configure folder permissions to enable file upload
Configure folder permissions to enable the export as PDF feature
You can configure AD SSO to import organizational units as Roles in Communifire when users log in.
Get the distinguishedNames of the organizational units to import as roles
Update WindowsADSettings.config
In WindowsADSettings.config, find the following line:
<add key="RoleGroupsContainer" value=""/>
For value, enter a pipe-separated list of the distinguishedNames of the organizational units.
Example:
<add key="RoleGroupsContainer" value="OU=Developer,OU=CommunifireTeam,DC=adqa,DC=communifire,DC=com|OU=QA,OU=CommunifireTeam,DC=adqa,DC=communifire,DC=com"/>
Open Communifire:
You can initiate a manual sync in Sync Active Directory Data.
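One way to build and write the pipe-separated value, as an added PowerShell example that is not part of the Communifire product. The function names, the temporary file and the `<appSettings>` wrapper are assumptions; the two distinguishedNames are the ones from the example above.

```powershell
# Added example (not Axero code): write RoleGroupsContainer from a list of OU distinguishedNames.

function New-RoleGroupsContainerValue {
    param([Parameter(Mandatory)][string[]]$DistinguishedName)
    $clean = foreach ($dn in $DistinguishedName) {
        $dn = $dn.Trim()
        # '|' is the list separator, so a DN that contains it cannot be represented.
        if ($dn -notmatch '^OU=' -or $dn.Contains('|')) {
            throw "Not usable as an organizational unit distinguishedName: $dn"
        }
        $dn
    }
    ($clean | Select-Object -Unique) -join '|'
}

function Set-RoleGroupsContainer {
    param(
        [Parameter(Mandatory)][string]$ConfigPath,
        [Parameter(Mandatory)][string[]]$DistinguishedName
    )
    # .NET resolves relative paths against the process directory, not the PowerShell location.
    $fullPath = (Resolve-Path -LiteralPath $ConfigPath).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($fullPath)
    $node = $xml.SelectSingleNode("//add[@key='RoleGroupsContainer']")
    if ($null -eq $node) { throw "RoleGroupsContainer key not found in $fullPath" }
    # SetAttribute escapes characters such as & and " that are legal in OU names.
    $node.SetAttribute('value', (New-RoleGroupsContainerValue $DistinguishedName))
    $xml.Save($fullPath)
}

# Constructed demo on a temporary file; the <appSettings> wrapper is an assumption.
# Against a live domain the distinguishedNames can come from, for example:
#   Get-ADOrganizationalUnit -Filter 'Name -eq "Developer"' | Select-Object -ExpandProperty DistinguishedName
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'WindowsADSettings.demo.config'
Set-Content -LiteralPath $tmp -Value '<appSettings><add key="RoleGroupsContainer" value=""/></appSettings>'

Set-RoleGroupsContainer -ConfigPath $tmp -DistinguishedName @(
    'OU=Developer,OU=CommunifireTeam,DC=adqa,DC=communifire,DC=com',
    'OU=QA,OU=CommunifireTeam,DC=adqa,DC=communifire,DC=com')

Get-Content -LiteralPath $tmp
```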
Windows Internet Settings must be configured in order for a user to log in automatically based on server credentials. Follow the instructions below to configure automatic login.
Issue: Images are missing on the site
Fix: In web.config, keep runAllManagedModulesForAllRequests set to false, as in the line below.
<modules runAllManagedModulesForAllRequests="false">
This fix is for virtual directories in the Assets folder (Uploaded Photos, Uploaded CMS files, Uploaded Videos, Uploaded Files).