Skip to main content

ADFS SSO

ADFS SSO is an advanced authentication method that enables users to access multiple applications and services using a single set of credentials. Instead of juggling numerous login details, users can authenticate once and seamlessly navigate through different resources without the hassle of repeated logins. For Active directory, ADFS role needs to be installed on the AD server.

Configure SSO in SureMDM Hub (ADFS)

To configure SSO with ADFS, follow these steps:

1. Login to the SureMDM Hub as a Superuser.

2. Navigate to SureMDM Hub  > Account Management > Single Sign On.

3. Configure Single Sign-On settings for ADFS.

  • Enable Single Sign-On: Select this option to allow configuring Single Sign-On settings.
  • Service Identifier: Enter the Service Identifier URL. See how to obtain Federation Service Identifier URL.
  • Sign On Service Url: Enter the URL for the Sign On Service URL. See how to obtain ADFS Service URL.
  • Logout Service Url: Enter the URL for logout.
    note

    Generally, the URLs for the Sign On Service Url and Logout Service Url will be the same.

  • Roles: Choose an option for the Roles from the drop-down menu. To know more, see Create Roles for the Admin User.

4. Click Generate Certificate to generate a self-signed certificate on the server and make it ready for download.

or

Click Upload Certificate to upload another certificate. 

These options are available when no certificate is uploaded.

5. Once configured, click Save.

Obtain ADFS Service URL

To obtain the ADFS Service URL, on the AD FS Console ( Server Manager > ADFS > Tools > ADFS Management), expand Service and click End Point. Note down the URL Path for SAM 2.0 and prefix it with the machine endpoint.

Obtain Federation Service URL

To obtain the Federation Service URL, on the AD FS Console, right-click the Service and then select Edit Federation Service Properties. Note down the URL mentioned in the Federation Service identifier field. 

Configure Settings in ADFS Server

To configure settings in ADFS server, follow these steps:  

1. Remote Desktop Protocol (RDP) or login into ADFS Server.

2. Launch the AD FS Console from Server Manager, then click on Tools > AD FS Management.

3. Click Relying Party Trusts > Add Relying Party Trust

4. Select Claims Aware and click Start.

5. Select Enter data about relying party manually and click Next.

6. Enter the Name as SureMDM and click Next.

7 In the Configure Certificate section, browse the certificate (adfs_xxxxxxx.cer) downloaded in step no.4, Configure SSO with ADFS.

8. Select Enable support for the SAML 2.0 WebSSO protocol and enter the URL as   

https://(SureMDM Hub Server Path)/adminconsole/ssoconsumer/Hub ID

note

Admin should enter their SureMDM Server Path and Hub ID into the above-mentioned URL.

9. Enter urn:42gears:suremdm:SAML2ServiceProvider in Relying party trust identifier field and click Add.

10. Select Permit everyone or select an option from the list and click Next > Close.

11. In the AD FS Console, right-click SureMDM and select Properties.

12. Select the Signature tab and click Add.

13. Select the certificate (adfs_xxxxxxx.cer) downloaded in Configure SSO with ADFS,step no.4 and click Apply.

14. Select the Endpoints tab and click Add SAML.

15. Select Endpoint type as SAML Logout and Trusted URL as   

https://(SureMDM Hub Server Path)/adminconsole/ssoconsumer/Hub ID

note

Admin should enter their SureMDM Server Path and Hub ID into the above-mentioned URL. 

16. Click OK.

17. In the Edit Claim Issuance Policy prompt, click Add Rule.

18. Click Next.

19. In the Claim rule name field enter SureMDM, select Attribute store as Active Directory and choose the mappings for LDAP Attribute and Outgoing Claim Type and click Finish.

20. Click OK.

21. Use the URL https://42gears.suremdm.io/adminconsole/ssologin/(SureMDM Hub ID) for SSO user login. 

note

Admin should enter their Server URL and Hub ID into the above-mentioned URL.