Logo
My activities
Submit a Ticket >
Logo
My activities
Submit a Ticket >

Set Up SSO with AD FS

This article provides instructions on setting up AD FS (Active Directory Federation Services) for SSO. If you're not using AD FS, you'll need to contact your identity provider for specific instructions.

IMPORTANT NOTE: Single sign-on (SSO) authentication is available on the Enterprise edition of Perspective 5.1 or later.

Before proceeding, please review the information and prerequisites in the What is SSO and How Do I Get It? article. 

Note: AD FS must be configured to accept SAML requests prior to completing these steps.

  1. Remotely connect to your AD FS server.

  2. Open Server Manager.

  3. Click Tools in the top-right of the screen, then select AD FS Management.

  4. In the pane to the left, click AD FS > Trust Relationships.

  5. Right-click Relying Party Trusts

  6. Click Add Relying Party Trust… to open the wizard.

  7. Click Start.

  8. On the Select Data Source page, select Import data about the relying party published online or on a location network.

  9. Enter the URL for your metadata in the Federation metadata address (host name or URL) field:

    • Perspective:
      https://ACME.MyIncidents.com/PerspectiveServices/SAML/Metadata/ACMEMetadata.xml

    • Integration Service:
      https://ACME.MyIncidents.com/IntegrationServices/SAML/Metadata/ACMEMetadata.xml

  10. Click Next.

  11. On the Specify Display Name page, enter a descriptive name in the Display Name field.

  12. Enter any notes, as needed, in the Notes field.

  13. Click Next.

  14. Complete the remainder of the steps in the wizard. Once complete, the window will close and the Edit Claim Rules will open. If it doesn’t open automatically, select the trust from the Relying Party Trusts pane, then click Edit Claim Rules... 

  15. Click Add Rule… from the Issuance Transform Rules tab in the Edit Claim Rules window.

  16. Select Transform an Incoming Claim from the Claim rule template dropdown menu on the rule wizard.

  17. Click Next.

  18. Enter a name for the rule in the Claim rule name field.

  19. Select a claim type from the Incoming claim type dropdown menu.

  20. Enter Name ID in the Outgoing claim type field.

  21. Select a name format from the Outgoing name ID format dropdown menu.

  22. Click Finish.

  23. Double-click the trust you just created, then click the Advanced tab.

  24. Select SHA-1 from the Secure hash algorithm dropdown menu.

  25. Click OK.

 Troubleshooting

During the Federation Passive Request, Perspective may send the AssertionConsumerService URL with a capitalized P in the word "Perspective" (i.e. https://<PerspectiveServicesURL>/Perspective/SAML/AssertionConsumerService.aspx), causing the following error message to display:

To resolve this issue, you must edit the Relying Part Trust configured for Perspective by completing the following steps:

  1. Click the Endpoints tab.
  2. Select the SAML Assertion Consumer.
  3. Open the Edit Endpoint window.
  4. Edit the URL in the Trusted URL field to show the word "perspective" with a capital P (i.e. Perspective).

  5. Click OK.

 

See also:

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk