Single Sign-On (SSO) Authentication with AD FS

Introduction

In this article, you'll learn how to set up Single Sign-On (SSO) authentication with AD FS. To learn more about enabling SSO authentication in OfficeRnD Hybrid, see the Single Sign-On (SSO) Authentication article.

Keep in mind that when you activate SSO authentication, the following OfficeRnD Hybrid authentication services are disabled:
  • The standard login with an OfficeRnD Hybrid user and password.
  • The "Reset password" links in OfficeRnD Hybrid.
  • The token for authentication that employees receive when invited to the Web Portal.

Add the Hybrid Work App to Intune

Please follow this article to go through the process of adding the Hybrid Work Android App to Mobile Device Management in Intune.

Set up Web Portal SSO

1. Log in to your Hybrid account.

2. Navigate to Settings/Integrations.

3. Look for SSO Authentication and click Activate.

4. Next, click Configure.

5. In the dialog that opens, copy the Return URL and paste it in a new text document. You will need to use it shortly. Also, keep Hybrid open in a browser tab.

6. Open the AD FS Management application on your AD server and navigate to Application Groups.

7. On the Actions pane, click Add Application Group…

8. Type in Name, and choose Server application as Template. Click Next.

9. Paste the Return URL into the Redirect URI field on the Server Application and click Add. Check Admin SSO to activate that option as well.

10. Copy the Client ID from Client Identifier in AD FS and paste it in Hybrid.

11. Click Next on AD FS and select Generate a shared secret. Copy the secret and paste it into the Client Secret field in Hybrid.

12. Click Next in AD FS to review the summary. Then click Next and Close to complete the steps.

13. Enter the Discovery URL in OfficeRnD. Use the template below and substitute <ADFS_ROOT> with your AD FS domain (e.g. https://my.domain.org/adfs/.well-known/openid-configuration).

 <ADFS_ROOT>/.well-known/openid-configuration

14. Set the Email Claim field to upn.

15. Click Update to finish the set-up.

16. (optional) Enable Automatic Account Activation: with this setting enabled, employees that already exist in Hybrid will be allowed to log into the Portal without needing to be explicitly invited. If this setting is disabled, employees without prior access to the Portal will need to have it enabled by an administrator.

Note: SCIM User provisioning is currently not supported by the integration.
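
Before entering the Discovery URL and the upn Email Claim, it helps to confirm that the AD FS discovery document is consistent with them. The following is an added example, not code from OfficeRnD or Microsoft: it builds the Discovery URL from the template above and checks a parsed discovery document. The sample documents are constructed, and the same-host rule for endpoints is an assumption about a typical AD FS deployment.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(adfs_root):
    """Build the Discovery URL: <ADFS_ROOT>/.well-known/openid-configuration."""
    root = adfs_root.strip().rstrip("/")
    parts = urlsplit(root)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("AD FS root must be an absolute https:// URL")
    if root.endswith(WELL_KNOWN):
        raise ValueError("pass the AD FS root, not the full Discovery URL")
    return root + WELL_KNOWN

def check_discovery(doc, adfs_root, email_claim="upn"):
    """Return a list of problems found in a parsed discovery document."""
    problems = []
    root = adfs_root.strip().rstrip("/")
    host = urlsplit(root).hostname
    # OIDC Discovery: the issuer must equal the URL prefix the document is served under.
    if doc.get("issuer") != root:
        problems.append(f"issuer {doc.get('issuer')!r} does not match {root!r}")
    # Assumption: all endpoints live on the AD FS host and use https.
    for key in ENDPOINT_KEYS:
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https" or url.hostname != host:
            problems.append(f"{key} is missing, not https, or on another host")
    # The Email Claim configured in Hybrid should be one the server advertises.
    if email_claim not in doc.get("claims_supported", []):
        problems.append(f"claim {email_claim!r} not listed in claims_supported")
    return problems

# Constructed sample documents (not captured from a real server).
GOOD = {
    "issuer": "https://my.domain.org/adfs",
    "authorization_endpoint": "https://my.domain.org/adfs/oauth2/authorize/",
    "token_endpoint": "https://my.domain.org/adfs/oauth2/token/",
    "jwks_uri": "https://my.domain.org/adfs/discovery/keys",
    "claims_supported": ["sub", "upn", "unique_name"],
}
BAD = dict(GOOD, issuer="https://other.example/adfs",
           token_endpoint="http://my.domain.org/adfs/oauth2/token/",
           claims_supported=["sub"])

if __name__ == "__main__":
    root = "https://my.domain.org/adfs"
    print(discovery_url(root))
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_discovery(doc, root) or "OK")
```

To check a real server, download the JSON from the Discovery URL and pass the parsed document to `check_discovery` together with the same AD FS root.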

Admin Portal SSO

You can also set up Admin portal SSO.

1. Enable Activate Admin Portal SSO (see above).

2. Copy the Return URL from the dialog (screenshot: admin portal.png) and insert it in the location shown in the screenshot (mceclip0.png).

3. Finish the setup.

(optional) Enforce SSO for All Admins: this option removes the Hybrid login (email and password) so that admins sign in through AD FS only. Otherwise, admins will have both options to choose from. If your organization uses the Hybrid Rooms and Hybrid Reception apps, admins will not be able to log in to those apps while SSO is enforced.
