ADFS SSO Setup Guide

Full walk-through to set up and enable ADFS SSO with Tovuti.

  1. Go to People > click Single Sign-On > click New

  2. Enter Title and Details

  3. Go to the Service Provider Settings tab > a unique EntityID/Issuer will be created for you


Step 2: Configuring ADFS as Identity Provider (IDP)

In ADFS, click on Add Relying Party Trust


Then click on Start


 In Select Data Source: Select Enter data about the relying party manually. Click Next.


  1. In Specify Display name: Enter Display name. Click Next.
  2. In Choose Profile: Select AD FS profile. Click Next.

In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the plugin in the Relying Party SAML 2.0 SSO Service URL field. Click Next.


In Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the plugin in the Relying Party Trust Identifier field. Click Add. Click Next.


  • In Configure Multi-factor Authentication: Select I do not want to configure multi-factor authentication settings for this relying party trust. Click Next.

  • In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
  • In Ready to Add Trusts, click Next.
  • Check Open the Edit Claim Rules dialog and click Close. Click Add Rule and then select Send LDAP Attributes as Claims. Enter the following:

    Field                  Value
    Claim rule name        Enter claim rule name (Any). For example: Attributes
    Attribute Store        Active Directory
    LDAP Attribute         E-Mail-Addresses
    Outgoing Claim Type    Name ID

  • Click the Finish button.
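
The Step 2 wizard settings above can also be applied with the AD FS PowerShell cmdlets, which makes the claim rules the wizard generates visible and lets you read the trust back to check it. This script is an added example, not part of Tovuti's guide. The display name, ACS URL and SP-Entity ID are placeholders for the values shown on the Service Provider Settings tab, and the HTTP POST binding and rule text are assumed to match what the wizard produces on your AD FS version.

```powershell
# Added example: scripted form of the Step 2 wizard. Run elevated on the AD FS server.
# PLACEHOLDER values are assumptions; copy the real ones from the Tovuti
# Service Provider Settings tab.
$displayName = 'Tovuti SSO'                          # PLACEHOLDER display name
$acsUrl      = 'https://REPLACE-WITH-ACS-URL'        # PLACEHOLDER ACS URL
$entityId    = 'https://REPLACE-WITH-SP-ENTITY-ID'   # PLACEHOLDER SP-Entity ID/Issuer

# Send LDAP Attributes as Claims: E-Mail-Addresses (LDAP "mail") -> Name ID
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail;{0}", param = c.Value);
'@

# Permit all users to access this relying party
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# SAML 2.0 Web SSO: assertion consumer endpoint (HTTP POST binding assumed)
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl

Add-AdfsRelyingPartyTrust -Name $displayName `
    -Identifier $entityId `
    -SamlEndpoint $endpoint `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Read the trust back and confirm it matches what Tovuti expects
$rpt = Get-AdfsRelyingPartyTrust -Name $displayName
[ordered]@{
    'Identifier matches SP-Entity ID' = $rpt.Identifier -contains $entityId
    'ACS endpoint registered'         = [bool]($rpt.SamlEndpoints | Where-Object { $_.Location -eq [uri]$acsUrl })
    'Name ID rule present'            = [bool]($rpt.IssuanceTransformRules -match 'nameidentifier')
    'Trust enabled'                   = $rpt.Enabled
}
```

Every value in the final table should read True before you continue to Step 3.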

Step 3: Finish Configuring Tovuti as Service Provider (SP)

Enter the following information found in the ADFS Setup Instructions:

  1. Identity Provider Issuer
  2. Identity Provider Single Sign-on URL
  3. X.509 Certificate


Click Update and then click Test Configuration (this will show you what Attributes and Values are being sent in the ADFS SAML Assertion, which will help you map Fields and Groups).

 


Step 4: User Profile Field and Attribute Mapping

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your Identity Provider and map them to Tovuti user attributes like firstname, lastname etc.
  • While auto registering the users in your Tovuti site, these attributes will automatically get mapped to your Tovuti user details.
  • Go to the Tovuti User Profile Field Mapping tab and fill in all the fields.


*You can check the Test Configuration Results under the Identity Provider Settings tab to get a better idea of which values to map here.

Step 5: User Group Mapping

  • While auto registering, the users are assigned roles based on the group they are mapped to.
  • Assign a default User Group
  • Enter the Attribute Name for ADFS Roles/Groups


*You can check the Test Configuration Results under the Identity Provider Settings tab to get a better idea of which values to map here.

Step 6: Enable Login Link

Go to the Details tab and click Yes for Add Login Link to Navigation, select the menu that you want the link to appear on, and give the link a name.


Click Save. Your ADFS SSO is now set up.

(Make sure to run multiple tests to ensure that all of your settings are correct.)