Single Sign-On (SSO) Authentication with AD FS

In this article, you'll learn how to set up Single Sign-On (SSO) authentication with AD FS. To learn more about enabling SSO authentication in OfficeRnD Hybrid, take a look at the Single Sign-On (SSO) Authentication article.

Keep in mind that when you activate SSO authentication, the following OfficeRnD Hybrid authentication services are disabled:
  • The standard login with an OfficeRnD Hybrid user and password.
  • The "Reset password" links in OfficeRnD Hybrid.
  • The token for authentication that employees receive when invited to the Members Portal. 

Setting up SSO with AD FS

  1. Log in to your OfficeRnD Hybrid account.
  2. Navigate to Settings/Integrations.
  3. Activate SSO Authentication.
  4. Click Configure. This opens a pop-up window with the fields used during the setup.
  5. Open the AD FS Management application on your AD server and navigate to Application Groups.

  6. On the Actions pane, click Add Application Group…
  7. Type in Name, and choose Server application as Template. Click Next.
  8. Switch to OfficeRnD and copy the Return URL from the configuration pop-up. Paste it into the Redirect URI field on the Server Application. Click Add.

  9. Copy the Client ID from OfficeRnD and paste it under Client Identifier in AD FS.
  10. Click Next on AD FS and select Generate a shared secret. Copy the secret and paste it into OfficeRnD's Client Secret field.
  11. Click Next in AD FS to review the summary, Next again, and Close to complete the wizard.

  12. Enter the Discovery URL in OfficeRnD. Use the template below and substitute <ADFS-ROOT> with your AD FS domain (e.g. https://my.domain.org/adfs/.well-known/openid-configuration):
     <ADFS-ROOT>/.well-known/openid-configuration
  13. Set the Email Claim field to upn.
  14. Click Update to finish the set-up.
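
The Discovery URL from step 12 and the upn claim from step 13 can be checked against the AD FS discovery document before clicking Update. This is an added example, not part of the original article or of OfficeRnD's or Microsoft's code: the function names are hypothetical, the sample document is constructed, and it assumes the AD FS endpoints are served from the same host as the discovery URL.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def fetch_discovery(discovery_url, timeout=10):
    """Download the discovery document (TLS certificate validation stays on)."""
    with urlopen(discovery_url, timeout=timeout) as resp:
        return json.load(resp)

def check_discovery(discovery_url, doc, email_claim="upn"):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    url = urlsplit(discovery_url)
    if url.scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL does not end with " + SUFFIX)
    issuer = doc.get("issuer", "")
    # OpenID Connect Discovery: issuer + suffix must equal the URL that was fetched.
    if issuer.rstrip("/") + SUFFIX != discovery_url:
        problems.append("issuer %r does not match the discovery URL" % issuer)
    for name in ENDPOINTS:
        value = doc.get(name)
        if not value:
            problems.append("missing " + name)
            continue
        ep = urlsplit(value)
        if ep.scheme != "https":
            problems.append(name + " is not https")
        if ep.hostname != url.hostname:  # assumption: one host serves all endpoints
            problems.append("%s is on a different host: %s" % (name, ep.hostname))
    if email_claim not in doc.get("claims_supported", []):
        problems.append("claim %r is not listed in claims_supported" % email_claim)
    return problems

# Constructed sample shaped like an AD FS discovery document (not real output).
ROOT = "https://my.domain.org/adfs"
SAMPLE = {
    "issuer": ROOT,
    "authorization_endpoint": ROOT + "/oauth2/authorize/",
    "token_endpoint": ROOT + "/oauth2/token/",
    "jwks_uri": ROOT + "/discovery/keys",
    "claims_supported": ["sub", "upn", "unique_name", "sid"],
}

if __name__ == "__main__":
    for line in check_discovery(ROOT + SUFFIX, SAMPLE) or ["all checks passed"]:
        print(line)
```

To check a live server, pass the result of `fetch_discovery(url)` as `doc` instead of `SAMPLE`.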

Enable the Automatic Account Activation setting in OfficeRnD's configuration. With this setting enabled, employees that already exist in OfficeRnD Hybrid will be allowed to log into the Portal without needing to be explicitly invited. If this setting is disabled, employees without prior access to the Portal will need to have it enabled by an administrator.

SCIM User provisioning is currently not supported by the integration.
