In this article, you'll learn how to set up Single Sign-On (SSO) authentication with AD FS. To learn more about enabling SSO authentication in OfficeRnD Workplace, you can take a look at the Single Sign-On (SSO) Authentication article.
Keep in mind that when you activate SSO authentication, the following OfficeRnD Workplace authentication services are disabled:
The standard login with an OfficeRnD Workplace user and password.
The "Reset password" links in OfficeRnD Workplace.
The token for authentication is what employees receive when invited to the Web Portal.
Add the Workplace Mobile App to Intune
Please follow this article to go through the process of adding the Workplace Android App to Mobile Device Management in Intune.
Set up Web Portal SSO
1. Log in to your Workplace account.
2. Go to Settings > Integrations.
3. Look for SSO Authentication and click Activate.
4. Next, click Configure.
5. In the dialog that opens, copy the Return URL and paste it into a new text document. You will need to use it shortly. Also, keep Workplace open in a browser tab.
6. Open the AD FS Management application on your AD server and navigate to Application Groups.
7. On the Actions pane, click Add Application Group…
8. Type in Name, and choose Server application as Template. Click Next.
9. Paste the Return URL into the Redirect URI field on the Server Application and click Add. Check Admin SSO to activate that option as well.
10. Copy the Client ID from Client Identifier in AD FS and paste it in Workplace.
11. Click Next in AD FS and select Generate a shared secret. Copy the secret and paste it into the Client Secret field in Workplace.
12. Click Next in AD FS to review the summary. Then, hit Next, and Close to complete the steps.
13. Enter the Discovery URL in OfficeRnD. Use the template below, substituting <ADFS_ROOT> with your AD FS domain (e.g. https://my.domain.org/adfs/.well-known/openid-configuration):
<ADFS_ROOT>/.well-known/openid-configuration
14. Set the Email Claim field to upn.
15. Click Update to finish the set-up.
16. (optional) Enable Automatic Account Activation - With this setting enabled, employees who already exist in Workplace can log into the Portal without needing to be explicitly invited. If this setting is disabled, employees without prior access to the Portal will need to have it enabled by an administrator.
Note: SCIM User provisioning is currently not supported by the integration.
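Before pasting the Discovery URL into Workplace, it helps to confirm that the document behind it is consistent with the settings above. The Python below is an added example, not OfficeRnD or AD FS code: it builds the URL from the template and checks a discovery document for an https issuer that matches the AD FS root, endpoints on the same host, and the upn claim. The sample document is constructed for illustration, and the function names and the same-host check are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

ROOT = "https://my.domain.org/adfs"  # the page's example AD FS root

# Constructed sample of a discovery document (not captured from a real server).
GOOD_DOC = json.dumps({
    "issuer": ROOT,
    "authorization_endpoint": ROOT + "/oauth2/authorize/",
    "token_endpoint": ROOT + "/oauth2/token/",
    "jwks_uri": ROOT + "/discovery/keys",
    "claims_supported": ["sub", "upn", "unique_name"],
})

def discovery_url(adfs_root):
    """Apply the template <ADFS_ROOT>/.well-known/openid-configuration."""
    return adfs_root.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(adfs_root, document, email_claim="upn"):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    base = adfs_root.rstrip("/")
    root = urlsplit(base)
    if root.scheme != "https":
        problems.append("AD FS root is not https")
    meta = json.loads(document)
    # OpenID Connect Discovery: the issuer must equal the URL prefix in front
    # of /.well-known/openid-configuration.
    if meta.get("issuer") != base:
        problems.append("issuer does not match the AD FS root")
    # Sanity check (a local policy choice, not a spec rule): endpoints are
    # https and served by the same host as the AD FS root.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(meta.get(key) or "")
        if url.scheme != "https" or url.netloc != root.netloc:
            problems.append(key + " is missing, not https, or on another host")
    # The Email Claim set in Workplace should be among the advertised claims.
    if email_claim not in meta.get("claims_supported", []):
        problems.append("claim '" + email_claim + "' is not in claims_supported")
    return problems

if __name__ == "__main__":
    print(discovery_url(ROOT))
    print(check_discovery(ROOT, GOOD_DOC) or "no problems found")
```

To check a real deployment, download the body served at the Discovery URL and pass it as `document` together with your own AD FS root.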
Admin Portal SSO
You can also set up Admin portal SSO.
1. Enable Activate Admin Portal SSO (see above).
2. Copy the Return URL from the dialog:
and insert it here:
3. Finish the setup.
(optional) Enforce SSO for All Admins - this option eliminates the Workplace login (email and password) in favor of an AD FS-only login. Otherwise, admins will have both options to choose from. If your organization uses the Workplace Rooms and Workplace Reception apps, admins cannot log in to those apps while SSO is enforced.