Health Professional & ADFS Integration Guide


Health Professional & ADFS Integration Guide Martyn Bradshaw, Sitekit Ltd 01/10/2014 09:48:23

Registered Office: Sitekit Ltd, Sitekit House, Broom Place, Portree, Isle of Skye IV51 9HL
Company: Sitekit Ltd
Department: Systems
Author: Martyn Bradshaw
Document Type: Manual
Document Title: Health Professional & ADFS Integration Guide
Version Number: 1.1
Approved By: Chris Eckl
Created: 15/03/2013
Last Modified: 14/11/2017
Status: Approved
Next Review Date: 01/10/2014
Document ID: SKDOC-463-101
File Name: Sitekit.Solutions.Systems.Manual.Health-Professional-ADFS-Integration-Guide.SKL.1659.11-2232
Publisher: Sitekit Ltd
Rights: 2017 Sitekit Ltd

This document is uncontrolled when

Change Log
Version & date | By | Changes

Page 2 of 12

Contents

1 Introduction ... 4
1.1 Pre-requisites ... 4
2 Configuring an ADFS 2.0 Relying Party Trust ... 4
2.1 Configuring the Claims Rules ... 6
2.2 Allowing ADFS through Threat Management Gateway (TMG) ... 9
2.3 Adding the application to ACS in Azure ... 9
2.4 Federated login set up in Sitekit CMS ... 11
3 Technical Support ... 12

1 Introduction

This guide explains how to integrate local Active Directory health professional user accounts with the Sitekit platforms (e.g. Mi Platform, eredbook) using ADFS 2.0. It is designed to be used by IT infrastructure administrators.

1.1 Pre-requisites

This guide requires the following pre-requisites to be in place:

- A configured ADFS 2.0 instance
- A well-connected Active Directory infrastructure
- An Active Directory group containing all health professional accounts granted access to the Sitekit platform

It also assumes the Microsoft Threat Management Gateway (TMG) software is being used at the network perimeter.

2 Configuring an ADFS 2.0 Relying Party Trust

To allow user authentication via ADFS 2.0 to the Sitekit platform, a new relying party trust must be created. This defines which local Active Directory group is permitted to use the trust, where the endpoint is located and which Active Directory claims are passed in order to allow the authentication to complete.

1. Start the ADFS 2.0 Management tool.
2. Select the Relying Party Trusts node and then select the Add Relying Party Trust link from the right-hand menu.
3. The Add Relying Party Trust wizard starts. Click Start to continue.
4. Paste in the Federation metadata address URL (for Sitekit this is https://sitekit.accesscontrol.windows.net/federationmetadata/2007-06/federationmetadata.xml, but it may vary depending on the platform you are using, e.g. Mi, eredbook etc.) and click Next.

5. Enter a suitable display name and any desired notes for this relying party trust, then click Next.
6. On the Issuance Authorization Rules page select Deny All Users access to this relying party trust, then click Next.
7. On the Ready to Add Trust page simply click Next to complete the wizard.

You should now have a new Relying Party Trust shown under the Relying Party Trusts node.

2.1 Configuring the Claims Rules

Next we need to define the claims rules for this relying party trust.

1. Right click your new relying party trust and select Edit Claims Rules.
2. Select the Add Rule button and the Add Transform Claim Rule wizard starts.
3. Click Next to continue.
4. On the Configure Claim Rule page set the following options:
   - Enter a description, e.g. Platform (Mi, eredbook etc.) Claims Rules.
   - Select Active Directory in the Attribute store drop-down list box.
   - Add the following mapping of LDAP attributes to outgoing claim types:

   LDAP Attribute   | Outgoing Claim Type
   -----------------|--------------------
   Display-Name     | Name
   E-Mail-Address   | E-Mail-Address
   Department       | Role
   Is-Member-Of-DL  | Group

5. Click Finish to return to the Edit Claims Rules box.
6. Now select the Issuance Authorization Rules tab.
7. You should see an existing rule denying all users. We need to add a rule to permit the Active Directory group containing your health professional user accounts.
8. Click Add Rule and select Permit or Deny Based on an Incoming Claim, then click Next.

9. Give the rule a suitable name, select Group SID in the Incoming claim type list and enter the desired AD group name in the Incoming claim value box. Note: the chosen group must be an AD security group. Ensure Permit access to users with this incoming claim is selected, then click Finish.
10. You will now be returned to the Edit Claims Rules box. Click OK to return to the main ADFS 2.0 window.
11. Right click the Relying Party Trust, select Update from Federated Metadata and then click Update.

12. You now need to communicate your ADFS federation metadata URL to Sitekit. An example may be: https://youradfsdomain/federationmetadata/2007-06/federationmetadata.xml. Sitekit will then complete the required configuration within the relevant Sitekit platform and notify you once complete.

2.2 Allowing ADFS through Threat Management Gateway (TMG)

As well as setting up ADFS 2.0 and the associated relying party trusts, access to ADFS must be allowed through your firewall. Many organisations use Microsoft TMG at the network perimeter. The link below explains how to create the required listeners on TMG to support ADFS 2.0:

http://social.technet.microsoft.com/wiki/contents/articles/11185.adfs-publishing-rule-in-tmg.aspx

You may need to implement slightly different rules based on the firewall in use on your network.

2.3 Adding the application to ACS in Azure

In the Azure portal, navigate to Active Directory / Access Control Namespaces / sitekit. Add a new relying party application to the access control namespace.

Enter the name, realm (site URL) and return URL as below (assuming the CMS). Select the appropriate identity provider(s) and rule group(s). Click Save at the bottom.
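Steps 1 to 11 of sections 2 and 2.1 above can also be scripted. The following is an added example written for this guide's ADFS 2.0 procedure, not Sitekit's own code: it assumes the ADFS 2.0 PowerShell snap-in on the federation server, a trust display name of "Sitekit Mi Platform" and a placeholder group CONTOSO\HealthProfessionals, and it uses the claim rule language the wizard itself generates.

```powershell
# Added example: the relying party trust and claims rules of steps 1-11
# (sections 2 and 2.1), built with the ADFS 2.0 PowerShell snap-in rather
# than the management console. Run on the ADFS 2.0 server as an ADFS admin.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$trustName   = "Sitekit Mi Platform"                         # assumed display name
$metadataUrl = "https://sitekit.accesscontrol.windows.net/federationmetadata/2007-06/federationmetadata.xml"
$groupName   = "CONTOSO\HealthProfessionals"                 # placeholder AD security group

# Step 9 stores the group's SID, not its name: resolve it from the domain.
$groupSid = ([System.Security.Principal.NTAccount]$groupName).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value

# Steps 4-5: create the trust from the Sitekit federation metadata.
Add-ADFSRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
    -Notes "Health professional access to the Sitekit platform"

# Section 2.1 step 4: the guide's LDAP attribute -> outgoing claim mapping
# (Display-Name -> Name, E-Mail-Address -> E-Mail-Address, Department -> Role,
# Is-Member-Of-DL -> Group), in the claim rule language the wizard generates.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Mi Platform Claims Rules"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "http://schemas.xmlsoap.org/claims/Group"), query = ";displayName,mail,department,memberOf;{0}", param = c.Value);
'@

# Steps 6-9: only members of the group receive a permit claim; everyone else
# gets none and is refused. This replaces the whole authorization rule set, so
# the wizard's "Deny all users" rule is deliberately not kept: ADFS gives a deny
# claim precedence over permit claims, so keeping it would lock out the group too.
$authorizationRules = @"
@RuleTemplate = "Authorization"
@RuleName = "Permit health professional group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)$groupSid`$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

Set-ADFSRelyingPartyTrust -TargetName $trustName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules

# Step 11: pull current endpoints and certificates from the federation metadata,
# then show what was created.
Update-ADFSRelyingPartyTrust -TargetName $trustName
Get-ADFSRelyingPartyTrust -Name $trustName | Select-Object Name, Identifier, MetadataUrl
```

After running it, the Issuance Authorization Rules tab of the trust should show only the permit rule for the group, and Get-ADFSRelyingPartyTrust lists the endpoints imported from the Sitekit metadata.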

Now set the CMS / site settings as per the documentation in helpcms.sitekit.net and below.

2.4 Federated login set up in Sitekit CMS

In terms of configuration, the login and logout are created by embedding the magic words :::federatedlogin::: and :::federated-logout::: on the relevant templates. Federated authentication is an option for both deployed and hosted systems.

The site settings are below:

1. Master user group - the master user group that all federated users will belong to. This

2. Federation realm - this is the domain the federation server expects the authentication request to come from.
3. Federation metadata XML URL - the main configuration file, used to define the certificate and the endpoints below on the ACS federation server.
4. Passive URL - read only; updated from the metadata XML file above on clicking 'Install'.
5. Signing Entry ID - read only; updated from the metadata XML file above on clicking 'Install'.
6. Install button - updates the CMS-held endpoints above and stores them locally, and updates the last refreshed date and time displayed alongside the button.
7. Claims to Sitekit user field name mappings - these provide mappings between what is returned from the claims-based authentication and the relevant Sitekit user fields.

The following can be set up as an example, with all the relevant settings in place in the site settings:

<a href=":::federated-login:::">federated Login</a><br/>
<a href=":::federated-logout:::">federated Logout</a><br/>
<p>
People ID = :::peopleid:::<br/>
Username = :::username:::<br/>
Fullname = :::fullname:::<br/>
</p>

For MS LiveID users, whilst the user is authenticated we get nothing back about the specific user, so they just default to 'Federated Anonymous'. For AD users, we get back full name, email, job and user groups. They are put into the master group that is specified in the Site Settings and, as for WIA and web service based authentication, they are also added to user groups that have names matching those in Active Directory.

3 Technical Support

If you have any problems with this guide or need assistance please contact our support team by emailing support@sitekit.net. Please include your contact details, a brief description of the problem and any error codes or other relevant information. You can also contact us by phone on 0845 299 0900.