SSO Configuration - ADFS (Active Directory Federation Services)
This guide will walk you through integrating Single Sign-On (SSO) with Active Directory Federation Services (ADFS) to allow your users to access InfoSum using their ADFS credentials. With this setup, user authentication will be securely managed by ADFS, simplifying your access management process.
To complete the integration, you will:
- Register your application in ADFS.
- Configure authentication settings.
- Retrieve key credentials (Client ID, Client Secret, and OIDC Discovery URI).
At the end of this guide, you’ll also find troubleshooting tips to address common integration challenges.
Note: Make sure you have administrative access to your ADFS server. If you are unfamiliar with app registration in ADFS, refer to Microsoft’s official documentation for guidance.
Step-by-Step Guide
Step 1: Register a New Application in ADFS
- Log in to the ADFS Management Console:
  - Sign in to the ADFS Management Console on your server.
- Register a New Application Group:
  - Navigate to Application Groups and select Add Application Group.
  - Provide a name for your application group, such as "SSO for InfoSum," and select Server application accessing a web API as the template.
- Enter Application Details:
  - Client ID: Assign a Client ID for the application.
  - Redirect URI: Choose Web and enter the Redirect URI provided by InfoSum in the following format:
    - Format: https://accounts.infosum.com/authorization-code/callback/{customername-IDPType}
    - Example: https://accounts.infosum.com/authorization-code/callback/infosum-adfs
Step 2: Configure OpenID Connect (OIDC) Settings
- Add Application in ADFS:
  - Within your new application group, select Add Application.
- Set Application Type and Reply URL:
  - Choose OIDC Web Application as the application type.
  - Set the Reply URL to the Redirect URI provided by InfoSum.
- Generate Client Secret:
  - Generate a Client Secret and save it securely, as you’ll need it to configure InfoSum.
Step 3: Enable Required Scopes
- Add OpenID as a Scope:
  - In the ADFS Management Console, add OpenID as a scope.
  - Optionally, configure additional scopes (like email or profile) if InfoSum needs extended user information.
Step 4: Retrieve the Required Credentials
- Client ID:
  - Found in the application group settings within ADFS.
- Client Secret:
  - Generated during app setup. Save it securely, as it won’t be displayed again.
- OIDC Discovery URI:
  - The OIDC discovery endpoint is typically structured as follows:
    - https://<your-adfs-server>/adfs/.well-known/openid-configuration
    - Replace <your-adfs-server> with your specific server address.
Provide Information to InfoSum
After completing the above steps, share the following details with InfoSum:
- Client ID: The public identifier for your app.
- Client Secret: A confidential value used to authenticate your app.
- OIDC Discovery URI: https://<your-adfs-server>/adfs/.well-known/openid-configuration
Once InfoSum has finished setting up your SSO, you can test your login by following the direct login URL provided:
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-adfs
Alternatively, you can use the "Sign in with Private SSO" option at the bottom of the InfoSum login screen. This will direct you to your ADFS login portal after entering your email address.
Common Issues and Troubleshooting
- Invalid Redirect URI: Ensure the redirect URI matches exactly what is configured in ADFS.
- Scope Errors: Make sure openid is included in the requested scopes.
- SSL/TLS Errors: Verify your ADFS server’s certificates are correctly installed and trusted.
- Token Exchange Fails: Check that the client secret is correct and the token endpoint is properly configured.
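Several of the issues above can be caught before sharing details with InfoSum by checking the JSON served at the OIDC Discovery URI. The following is an added example, not InfoSum's or Microsoft's code: the function name, the sample document and the host adfs.example.com are constructed, and the check for the `code` response type assumes InfoSum uses the authorization code flow.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
CALLBACK_PREFIX = "/authorization-code/callback/"  # from the Redirect URI format in Step 1

# Constructed sample discovery document (adfs.example.com is a placeholder host).
SAMPLE_DOC = {
    "issuer": "https://adfs.example.com/adfs",
    "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.com/adfs/discovery/keys",
    "scopes_supported": ["openid", "email", "profile"],
    "response_types_supported": ["code", "id_token"],
}

def check_sso_settings(doc, discovery_uri, redirect_uri):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # OIDC Discovery: issuer + well-known suffix must equal the URI the document
    # was fetched from; a mismatch means it describes a different issuer.
    issuer = doc.get("issuer", "")
    if not issuer.startswith("https://") or issuer.rstrip("/") + WELL_KNOWN != discovery_uri:
        findings.append("issuer does not match the discovery URI")
    # Every endpoint the relying party calls must be present and HTTPS.
    for name in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(name, ""))
        if url.scheme != "https" or not url.netloc:
            findings.append(f"{name} is missing or not HTTPS")
    if "openid" not in doc.get("scopes_supported", []):
        findings.append("openid scope is not advertised")
    # Assumption: InfoSum uses the authorization code flow (callback path name).
    if "code" not in doc.get("response_types_supported", []):
        findings.append("authorization code response type is not advertised")
    # The redirect URI must follow the documented format exactly: HTTPS, the
    # InfoSum accounts host, one path segment after the prefix, nothing else.
    r = urlsplit(redirect_uri)
    slug = r.path[len(CALLBACK_PREFIX):] if r.path.startswith(CALLBACK_PREFIX) else ""
    if ((r.scheme, r.netloc) != ("https", "accounts.infosum.com")
            or not slug or "/" in slug or r.query or r.fragment):
        findings.append("redirect URI does not follow the documented format")
    return findings

if __name__ == "__main__":
    for finding in check_sso_settings(
            SAMPLE_DOC,
            "https://adfs.example.com/adfs/.well-known/openid-configuration",
            "https://accounts.infosum.com/authorization-code/callback/infosum-adfs"):
        print("FINDING:", finding)
```

To run it against a real server, load the JSON returned by your own discovery URI into a dict and pass it in place of SAMPLE_DOC.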
Conclusion
By following this guide, you’ll successfully configure SSO with ADFS. Once the integration is complete, users will be able to securely log in to InfoSum using their ADFS credentials.
If you encounter any issues during setup, please reach out to our support team at Support@infosum.com