logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
georg.leitner  
#1 Posted : Tuesday, April 10, 2018 6:51:03 AM(UTC)
georg.leitner


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 2/3/2015(UTC)
Posts: 38
Austria

Thanks: 1 times
Was thanked: 5 time(s) in 5 post(s)
Hi,

the setup of getting Control to authenticate via SAML with Microsoft ADFS is quit easy. Here is a short guide how to do it, i had some help from Ryan and Reid from support.

1. Step --> Open SAML configuration in Control:

UserPostedImage

IdentityProviderMetadataUrl > https://**URL of ADFS Server/FederationMetadata/2007-06/FederationMetadata.xml
UserNameAttributeKey > NameID
UserDisplayNameAttributeKey > CommonName
EmailAttributeKey > E-MailAddress
RoleNamesAttributeKey > http://schemas.microsoft.../06/identity/claims/role
DisplayName > **Description for SAML Login Button**

Click "SAVE CONFIGURATION"

2. Get Metadata from Control --> in the User Sources SAML dropdown click on "Generate Metadata" --> Save as xml file

3. On the ADFS Server --> Relying Party Trust --> Add Relying Party Trust --> Claims aware, click Start --> Import data about the relying part from file - as datasource use the before generated metadata, click Next --> there is a warning, click OK --> Give the Trust a name, click Next --> Choose an access control policy as required, click Next --> Click Next --> finish

4. Select the new Relying Party Trust and click on "Edit Claim Issuance Policy" --> Add Rule --> Send LDAP Attributes as Claims --> Configure as in the picture:

UserPostedImage


After that your SAML configuration with MS ADFS is finished. When there is a match between an AD group and an Control Role, the login should be possible without any problem.


Georg
thanks 1 user thanked georg.leitner for this useful post.
aslee on 7/17/2018(UTC)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.