Adding a second domain for Extended Enterprise

  • 12 September 2022
  • 13 replies
  • 175 views

I was assigned to decebo just last Friday and have zero experience with this tool. My task is to add a second Domain to the Extended Enterprise. Our parent company has a well established decebo implementation in Europe.

Extended Enterprise is enabled and I have gone to the manage link and added our domain name and attached to the Branch that was created. 

I am not clear on the steps to make this work? I have watched the university course and read the documentation, but not connecting the dots. Our goal is to have SSO for our users and a seperate catalog of course managed by the US based team.

All input/assistance is appreciated.

Regards,

David


13 replies

Userlevel 7
Badge +7

Hi @DCSipp to configure SSO you will need to activate the SAML app and then configure it under the sub domain settings for the new domain.Make sure to review all settings for the new domain since they will inherit the parent domain settings if you do not tell Docebo you want different settings. It’s basically most of the Advanced Settings you need to go through.

For catalogues, these are not linked to sub domains so you can configure these to be visible by either groups and/or branches.

Thanks for the reply. SSO for the Parent Domain is set up in the SSO app call it aaa.com. They have a url of learning,aaa.com

I want to create Learning.bbb.com with SSO from company B’s Azure AD or SAML or on prem AD, whatever is best/works?

 

Userlevel 7
Badge +7

you cannot use the same SSO details at the root because your URL for SSO will be different for each domain. You must configure it at the sub domain level.

I know, this and what I am asking for assistance with.

Thanks

Userlevel 7
Badge +7

What would you like to know?

This should have most of what you need to set it up:

https://help.docebo.com/hc/en-us/articles/360020124899-Managing-the-Extended-Enterprise-App#subtitle-4

If you have some specific questions, I’d be happy to help

I have reviewed all of these documents and none answer the questions I have. I am working with our account team to resolve.

Regards,

David

I have successfully setup the extended enterprise OpenID with my registered app in Azure, Authentication is working. I have added “Optional” claims to my app in Azure believing these will show up in docebo as fields I can map in the “User Provisioning” section when I add fields. Am I wrong in my expectations? If it should work, can anyone provide some guidance?

Userlevel 3

Hi,

we work a lot with extended enterprises and only use the SAML 2.0 App, as this is easier to configure.

The optional claims do not show up in Docebo. If you activate User Provisioning, you can map your Claim URL to a Docebo fields (also additional fields).

How to map a Docebo field:
Simply type which Docebo field you want to map, for example “Username”, and then Docebo will show you the field.
 

Click on it and then click on Add. Now you can add your Claim URL into the attribute field.
 

By default, Azure creates certain claims, which you will find in the XML File that you can get from your Azure (SAML Settings of your App in Azure). You can also create optional claims, but these do not pop up in the XML file.

The URL of optional claims, have a different URL and can be found in Azure, when you create a optional claim.

When a claim does not give you the needed value (for example when your Azure sends the value “english”), you can transform the value into EN.

To see what values are sent, you can use the SAML extension in Chrome (https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace?hl=en-US).

I hope this helps!

Johfra

I’ll research SAML for Extended Enterprise. not sure how to do this. You touched on the one issue I am having as I have done all you suggested. My issue is this, when user provisioning is enabled and I go to add fields and select “Last Name”, I am expecting to see a match in the dropdown list (highlighted in yellow). I am assuming this list is coming from the registered app in AAD. I thought the Optional Claims would show in this list. but they do not. Should they?

Thanks for responding.

 

We do not have SAML Activated on the main site so looks like it is not an option for the Extended Enterprise.

Userlevel 3

Hi,

nothing will happen with the main site if you activate the SAML app.

It is not a live sync between the two systems and therefore you do not see the information you mentioned above. As soon as somebody tries to log in with SSO, Docebo verifies the account on the system that you configured and then the user will be logged in.

I would use the XML file to find the claims and configure them 😉

Understood, I have contacted our account team to explorer enabling this. Can you answer the question I have regarding OpenID. Should the optional claims selected in the registered app in AAD show up in the “Attribute Statement” drop down list? 

Thanks

David

Userlevel 3

No, they won't 😉

Reply