The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.



Go to last post Go to first unread
#1 Posted : Tuesday, April 10, 2018 6:51:03 AM(UTC)

Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 2/3/2015(UTC)
Posts: 38

Thanks: 1 times
Was thanked: 6 time(s) in 5 post(s)

the setup of getting Control to authenticate via SAML with Microsoft ADFS is quit easy. Here is a short guide how to do it, i had some help from Ryan and Reid from support.

1. Step --> Open SAML configuration in Control:


IdentityProviderMetadataUrl > https://**URL of ADFS Server/FederationMetadata/2007-06/FederationMetadata.xml
UserNameAttributeKey > NameID
UserDisplayNameAttributeKey > CommonName
EmailAttributeKey > E-MailAddress
RoleNamesAttributeKey > http://schemas.microsoft.../06/identity/claims/role
DisplayName > **Description for SAML Login Button**


2. Get Metadata from Control --> in the User Sources SAML dropdown click on "Generate Metadata" --> Save as xml file

3. On the ADFS Server --> Relying Party Trust --> Add Relying Party Trust --> Claims aware, click Start --> Import data about the relying part from file - as datasource use the before generated metadata, click Next --> there is a warning, click OK --> Give the Trust a name, click Next --> Choose an access control policy as required, click Next --> Click Next --> finish

4. Select the new Relying Party Trust and click on "Edit Claim Issuance Policy" --> Add Rule --> Send LDAP Attributes as Claims --> Configure as in the picture:


After that your SAML configuration with MS ADFS is finished. When there is a match between an AD group and an Control Role, the login should be possible without any problem.

thanks 2 users thanked georg.leitner for this useful post.
aslee on 7/17/2018(UTC), rgreen83 on 1/23/2019(UTC)

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.