Introduction
In this article, you'll learn how to set up Single Sign-On (SSO) authentication with AD FS. To learn more about enabling SSO authentication in OfficeRnD Flex, you can take a look at the Single Sign-On (SSO) Authentication article.
- The standard login with an OfficeRnD Flex user and password.
- The "Reset password" links in OfficeRnD Flex.
- The token for authentication that employees receive when invited to the Members Portal.
Set up Members Portal SSO
- Login to your OfficeRnD Flex account.
- Navigate to Settings/Integrations/Authentication.
- Activate Members SSO Authentication.
- Click Configure. This will open a pop-up window with fields we will use during the setup.
-
Open the AD FS Management application on your AD server and navigate to Application Groups.
- On the Actions pane, click Add Application Group…
- Type in Name, and choose Server application as Template. Click Next.
-
Switch to OfficeRnD and copy the Return URL from the configuration pop-up. Paste it into the Redirect URI field on the Server Application. Click Add. Check Admin SSO to activate that option as well.
- Copy the Client ID from Client Identifier in AD FS and paste it in OfficeRnD.
- Click Next on AD FS and select Generate a shared secret. Copy the secret and paste it into OfficeRnD's Client Secret field.
-
Click Next in the AD FS to review the summary, Next again, and Close to complete the wizard
- Enter the Discovery URL in OfficeRnD. Use the below template and substitute <ADFS_ROOT> with your AD FS domain (e.g https://my.domain.org/adfs/.well-known/openid-configuration)
<ADFS-ROOT>/.well-known/openid-configuration
- Set the Email Claim field to upn.
- Click Update to finish the set-up.
Set up Admin Portal SSO
- Login to your OfficeRnD Flex account.
- Navigate to Settings/Integrations/Authentication.
- Activate Admin SSO Authentication.
- Click Configure. This will open a pop-up window with fields we will use during the setup.
-
Open the AD FS Management application on your AD server and navigate to Application Groups.
- On the Actions pane, click Add Application Group…
- Type in Name, and choose Server application as Template. Click Next.
-
Switch to OfficeRnD and copy the Return URL from the configuration pop-up. Paste it into the Redirect URI field on the Server Application. Click Add.
- Copy the Client ID from Client Identifier in AD FS and paste it in OfficeRnD.
- Click Next on AD FS and select Generate a shared secret. Copy the secret and paste it into OfficeRnD's Client Secret field.
-
Click Next in the AD FS to review the summary, Next again, and Close to complete the wizard
- Enter the Discovery URL in OfficeRnD. Use the below template and substitute <ADFS_ROOT> with your AD FS domain (e.g https://my.domain.org/adfs/.well-known/openid-configuration)
<ADFS-ROOT>/.well-known/openid-configuration
- Set the Email Claim field to upn.
- Click Update to finish the set-up.
Below, you can find the steps to add Admin SSO along with an already set up Members SSO.
- Navigate to Settings/Integrations/Authentication.
- Activate Admin SSO Authentication.
- Copy the Return URL from the Admin Portal section and Add it to the one from the above step 8.
- Finish the setup.
Comments
Please sign in to leave a comment.