Open main menu

Changes

Single Sign-On

57 bytes removed, 20 February
Active Directory Federation Services (ADFS)
* "Display Name" - Give the trust a display name, e.g. 'SmartSimple'.
* Finish the setup, and then return to the "Claim Rules" editor, and select the "Issuance Transform Rules" tab and add a new rule. Set the "Rule Type" to use the 'Send LDAP Attributes as Claims' template and configure the mapping to the agreed upon user identifier (e.g. LDAP attribute 'E-Mail-Addresses' to Outgoing Claim Type 'NameID'). Depending on your ADFS version and setup you may instead need to create two rules, one to map the attributes E-mail to E-mail, and then a second rule to transform the E-mail to the outgoing NameID.
* To test or use this connection use your internal ADFS URL and specify the loginToRp parameter as the SmartSimple SAML entity ID, e.g. '''https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://alias.smartsimple.com/'''.<br/> If you aren't automatically redirected into SmartSimple you may need to have RelayState enabled in ADFS, and then use a RelayState parameter to achieve this, e.g. '''https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Dhttps%3A%2F%2Faliashttps://alias.smartsimple.com%2F%26RelayState%3Dhttps%253A%252F%252Falias.smartsimple.com%252F/'''.
====Azure Identity Provider====
<!--Ticket#124791 - SSO to update roles for existing users for a fully federated SSO-->
 
'''Role Mapping''' set to '''Disabled''' / '''Create New Useron No Match''' on No Match is '''OFF'''
* User will not be created if user does not exist in the SmartSimple instance
* Only existing users in the SmartSimple instance will be able to login and no role/status updates for existing users
<br /> '''Role Mapping '''set to '''Disabled''' / '''Create New Useron No Match''' on No Match is '''ON'''  
* '''''Define User Roles Through Custom Attribute '''''is ''''' OFF''''' User will be created with default new user role / default new user status settings if user does not exist in the SmartSimple instance* '''''Define User Roles Through Custom Attribute '''''is ''''' ON''''' User will be created with the roles listed in SSO assertion 'Roles' if users does not exist in the SmartSimple instance  (role names should align with system role names in instance)
* No role/status updates for existing users
<br /> '''Role Mapping''' set to '''Enabled''' / '''Create New Useron No Match''' on No Match is '''OFF'''
* '''''Create New User''''' on ''No Match'' is '''''OFF''''' User should not be created on the system if not already created when using SSO to access system
Lalaine Songalia
Smartstaff
1,391
edits
Retrieved from ‘https://wiki.smartsimple.com/wiki/Special:MobileDiff/43367...43542