Envisio supports single sign-on (SSO) logins through SAML 2.0. To set up SSO using Azure Active Directory, check out the article here. Follow the steps below to configure ADFS SAML SSO for your users:
General Steps
To create the custom connection, we recommend that you set up a sandbox to test the integration. You will need to provide us with your sandbox's ADFS IDP meta data URL. We will then configure our server and provide you with the URL you will need to follow the steps below. Once the steps below are completed, schedule time with our team to test the integration.
- Configure ADFS and create a SAML connection where Envisio acts as the service provider.
- Generate Relying Party Trust in ADFS.
- Enable and test your integration.
The following sections will guide you through this process.
Note: This guide uses screenshots from Server 2012R2, but similar steps should be possible on other versions.
1. Primary Authentication
a) Open the “AD FS” Management Console in Server Manager.
b) Expand all categories if necessary and Click “Authentication Policies”
c) Under Primary Authentication, Global Settings, click Edit
d) In the Intranet section, ensure both Forms Authentication and Windows Authentication is checked, click “OK”.
2. Generate Relying Party Trust
e) Open the “AD FS” Management Console in Server Manager.
f) Expand all categories if necessary and right click “Relying Party Trusts”, then “Add Relying Party Trust”.
g) The Trust Wizard opens… Select "Start"
h) On the “Select Data Source” window, select “Enter data about relying party trust manually”, then “Next”.
i) Now specify the Display Name to be “Envisio Live”, then “Next”. If you are setting this up for sandbox testing, name it "Envisio Sandbox".
j) Choose Profile - Select “AD FS profile”, then "Next"
k) Configure Certificate Window – Leave everything as default, click “Next”
l) Configure URL – Select the box for “Enable support for the SAML 2.0 WebSSO Protocol”. Now enter the “SAML 2.0 SSO service URL” for your domain
https://yourorganization.app.envisio.com/corporate/saml/acs
Replace the words in red with your assigned sub domain. You can get this information from your Envisio login url or contact us.
For sandbox setup, the URL to use is:
https://yourorganization.app.envisio-staging.com/corporate/saml/acs
After the URL has been entered successfully, click “Next”.
m) Configure Identifiers – Add a URL with the following format:
Replace the words in red with your assigned sub domain. You can get this information from your Envisio login url or contact us.
“https://yourorganizaiton.app.envisio.com/corporate/saml/metadata”
For sandbox setup, the URL to use is:
https://yourorganization.app.envisio-staging.com/corporate/saml/metadata
Type the URL in the “Relying part trust identifier” box, click "ADD"
After the URL has been created successfully, click “Next”.
n) Select “I do not want to configure Multi-factor authentication settings for this relying party trust at this time”, then click “Next”.
o) Choose Issuance Authorization Rules. Select “Permit all users to access this relying party”, then click “Next”.
p) In Ready to Add Trust, click “Next”.
q) Finish – Ensure “Open the Edit Claim Rules dialog for this relying party trust when the wizard closes” is checked, and then click “Close”.
r) In Edit Claim Rules. Click on "Add Rule"
s) Select Rule Template - Select “Transform an Incoming Claim”, click “Next”.
t) Configure Claim Rule - Populate the information as follows:
i. Claim rule name: Email Transform
ii. Incoming claim type: E-Mail Address
iii. Outgoing claim type: Name ID
iv. Outgoing name ID Format: Email
v. Pass through all claim values (default)
vi. Click “Finish”
u) In Edit Claim Rules - Click on "Add Rule"
v) Select “Send LDAP Attributes as Claims”, then click “Next”
w) Configure Claim Rule – Populate the information as follows:
i. Claim rule name: Envisio Claim Rule
ii. Attribute store: Active Directory
iii. Mapping of LDAP attributes to outgoing claim types:
iv. Click “Finish”
x) Click “OK”
Related Articles:
Comments
0 comments
Please sign in to leave a comment.