ADFS single sign-on allows you to log in to Resolution Intelligence Cloud by configuring ADFS as the identity provider. This guide provides step-by-step instructions on how to set up single sign-on through ADFS. Here ADFS acts as an identity provider, and your app/website is the service provider, with Resolution Intelligence Cloud as an intermediate agent.
Important: Refer to this article for details on how to reset MFA for a specific user if the user lost an MFA-enabled device.
Prerequisites
- Admin in Resolution Intelligence Cloud
- ADFS Administrator access through your organization to process Single-Sign-On correctly
Add a Relying Party Trust
- Open the ADFS Management Console.
- On the right side of the console, click Add Relying Party Trust.
- Click Start.
- Select Enter data about the relying party manually and click Next.
- Type a name (yourAppName) and click Next.
- Use the default (ADFS 2.0 profile) and click Next.
- Use the default (no encryption certificate) and click Next.
- Check Enable support for the WS-Federation... and type this value in the textbox: https://auth.netenrich.com/login/callback.
- Click Next.
- Add a Relying Party Trust identifier with this value: urn:auth0:prod-netenrich:companynameadfs
NOTE: For “companyname”, type your company name; this can be any name that uniquely identifies the connection. This name is used later to configure the ADFS connection in Resolution Intelligence Cloud.
- Click Add, and then Next.
- Leave the default Permit all users... and click Next.
- Click Next, and then Close.
Add a claim issuance policy rule
- If you're using Windows Server 2019, the Edit Claim Issuance Policy dialog box automatically opens when you finish the Add Relying Party Trust wizard. If you're using Windows Server 2012 or 2016, follow the steps below.
In Windows Server 2012 | In Windows Server 2016 |
In the Actions panel on the right side of the console, find the Relying Party Trust you just created. Beneath it, click Edit Claim Issuance Policy. | In the console tree, under ADFS, click Relying Party Trusts. On the right side of the console, find the Relying Party Trust you just created. Right-click it and click Edit Claim Issuance Policy. |
2. In the Edit Claim Issuance Policy Window, under Issuance Transform Rules, click Add Rule....
3. Leave the default Send LDAP Attributes as Claims.
4. Give the rule a name that describes what it does.
5. Under Attribute Store, select Active Directory.
6. Select these mappings under Mapping of LDAP attributes to outgoing claim types and click Finish.
LDAP Attribute | Outgoing Claim Type |
E-Mail-Address | E-Mail Address |
Display-Name | Name |
User-Principal-Name | Name ID |
Given-Name | Given Name |
Surname | Surname |
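
A read-only check of the finished trust, added here as an example and not part of the original guide or the vendor's tooling: it reads the relying party trust back and compares it with the values entered in the steps above. It assumes an elevated PowerShell session on the AD FS server with the AD FS module loaded; the claim type URIs are the standard ones behind the friendly names in the mapping table, and the variable names are illustrative.

```powershell
# Values from this guide; replace "companyname" with the name you chose for the connection.
$Identifier = 'urn:auth0:prod-netenrich:companynameadfs'
$Callback   = 'https://auth.netenrich.com/login/callback'

# Claim type URIs for the outgoing claim types selected in the mapping table.
$ExpectedClaims = [ordered]@{
    'E-Mail Address' = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
    'Name'           = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
    'Name ID'        = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
    'Given Name'     = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
    'Surname'        = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
}

$rp = Get-AdfsRelyingPartyTrust -Identifier $Identifier
if (-not $rp) { throw "No relying party trust found with identifier $Identifier" }

$findings = @()

if (-not $rp.Enabled) { $findings += 'The trust is disabled.' }

# The WS-Federation passive endpoint must be exactly the callback URL from the wizard.
if ("$($rp.WSFedEndpoint)" -ne $Callback) {
    $findings += "WS-Federation endpoint is '$($rp.WSFedEndpoint)', expected '$Callback'."
}

# The guide keeps the default of no encryption certificate.
if ($rp.EncryptionCertificate) { $findings += 'An encryption certificate is configured.' }

# Any identifier other than the one from the guide deserves a second look.
$extra = @($rp.Identifier | Where-Object { $_ -ne $Identifier })
if ($extra.Count -gt 0) { $findings += "Unexpected identifiers: $($extra -join ', ')" }

# Each claim type appears as a quoted string in the rule text; matching with the
# quotes keeps ".../claims/name" from being satisfied by ".../claims/nameidentifier".
foreach ($claim in $ExpectedClaims.GetEnumerator()) {
    $pattern = [regex]::Escape('"' + $claim.Value + '"')
    if ($rp.IssuanceTransformRules -notmatch $pattern) {
        $findings += "Issuance transform rules do not emit '$($claim.Key)'."
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Relying party trust '$($rp.Name)' matches the guide."
}
```

The script only calls Get-AdfsRelyingPartyTrust, so it changes nothing on the server and can be re-run after any later edit to the trust.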
Configuring ADFS in Resolution Intelligence Cloud
To configure ADFS,
- From the Resolution Intelligence home screen, click Configurations --> Authentication in the left menu.
- Click Setup Provider under the ADFS tile
A New ADFS Connection form appears.
- Enter the following fields and click Create at the bottom of the screen.
Field | Description |
Connection name | Logical identifier for your connection; it must be unique. Once set, this name can't be changed. |
Display Name | A name is assigned to your connection to display it on screen |
ADFS URL | Get the ADFS Federation Metadata by using this URL: |
Identity Provider Domains | Enter a list of trusted domains which you want to be identified as identity providers |
Sync user profile attributes at each login | When enabled, Resolution Intelligence Cloud automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Resolution Intelligence Cloud. |
Email Verification | Choose how Resolution Intelligence Cloud sets the email_verified field in the user profile. |
4. You have established the ADFS connection successfully.