Set Up Active Directory Federation Services (ADFS) for ProntoForms Single Sign-On

 

About

Single Sign-On (SSO) allows your users to use their credentials from a secure Identity Provider (IdP) to log in to the ProntoForms app. This can save time and frustration by reducing the number of passwords your mobile users have to enter on a daily basis, without sacrificing security.

Active Directory Federation Services (ADFS) is an SSO solution created by Microsoft. It provides users with authenticated access to applications that cannot use Integrated Windows Authentication (IWA) through Active Directory (AD).

This article will walk you through the steps to configure ADFS for an SSO integration with ProntoForms.


Permissions Required

Setting this integration up requires access to the ADFS Management Console and the ProntoForms Team Administration pages in the web portal. Please ensure you have access to, and permission to modify, the settings on these pages/consoles before beginning this process.


Setup

In ADFS

  1. Log on to the ADFS server and open the AD FS Management Console.
  2. Select Trust Relationships from the left navigation bar, and select Add Relying Party Trust from the right navigation.

  3. Follow the Add Relying Party Trust Wizard.

  4. On the Select Data Source step, select Enter data about the relying party manually and select Next.

  5. On the next screen, specify a Display name and select Next.

  6. On the Choose Profile step, select AD FS profile.

  7. On the Configure Certificate step, simply hit Next. Do not configure a certificate.
  8. On the Configure URL step, select Enable support for the SAML 2.0 WebSSO protocol and set the Relying Party SAML 2.0 SSO Service URL to:
    https://live.prontoforms.com/saml/SSO

  9. On the Configure Identifiers step, add the relying party trust identifier:
     prontoforms.com/prod

  10. On the Configure Multi-Factor Authentication Now? step, select I do not want to configure multi-factor authentication settings for this relying party trust at this time.

  11. On the Choose Issuance Authorization Rules step, select Permit all users to access this relying party.
  12. On the Ready to Add Trust step, select Next to add the relying party trust.
  13. On the Finish step, select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes.

  14. In the Edit Claim Rules dialog, select Add Rule... to add a relying party trust claim rule.

  15. On the Choose Rule Type step, select Send LDAP Attributes as Claims from the dropdown.

  16. On the Configure Claim Rule step, configure the rule to return a user's username from Active Directory upon SAML login. Once complete, select Finish to return to the Edit Claim Rules dialog.

  17. In the Edit Claim Rules dialog, select OK to add the rule. This will return you to the AD FS Management window.

  18. In the AD FS Management window, select your new Relying Party Trust, and click on Properties in the right-hand navigation pane.

  19. In the Properties window, select the Endpoints tab, then select the endpoint and choose Edit.

  20. In the Edit Endpoint dialog, select the option to Set the trusted URL as default and select OK to be returned to the Properties dialog.

  21. In the Endpoints tab of the Properties dialog, select Add SAML...

  22. In the Add an Endpoint dialog, select the following options:
    1. Endpoint Type: SAML Assertion Consumer
    2. Binding: Artifact
    3. Trusted URL: https://live.prontoforms.com/saml/SSO
    4. Select OK to be returned to the Properties dialog.

  23. In the Advanced tab, set Secure hash algorithm to SHA-1 and select OK.

  24. Open Windows PowerShell and execute the following commands:
    Get-AdfsRelyingPartyTrust -Identifier prontoforms.com/prod | Set-AdfsRelyingPartyTrust -SigningCertificateRevocationCheck None

    Get-AdfsRelyingPartyTrust -Identifier prontoforms.com/prod | Set-AdfsRelyingPartyTrust -EncryptionCertificateRevocationCheck None

    Get-AdfsRelyingPartyTrust -Identifier prontoforms.com/prod | Set-AdfsRelyingPartyTrust -SignedSamlRequestsRequired $false

  25. Download the ADFS Federation Metadata by entering the URL into a web browser using the following format:
    https://<ADFS Server>/federationmetadata/2007-06/federationmetadata.xml
    Note: Save this metadata XML to a file. This is the Identity Provider Metadata that you will need later to configure ProntoForms for SSO.

  26. ADFS is now ready to accept SSO connections from ProntoForms.
  27. To configure ProntoForms for SAML, please read: Enabling Single Sign-On for ProntoForms
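
To confirm the result of steps 8 and 16 through 25, the following PowerShell script (an added example, not part of the original article or ProntoForms tooling) reads the relying party trust back and compares it with the values set above, then checks that the signing certificates in the saved metadata are ones ADFS currently holds. The metadata file path is an assumption; the cmdlets come from the ADFS PowerShell module on the ADFS server.

```powershell
# Added example (not from the original article). Run on the ADFS server.
param(
    # Assumption: where the metadata XML from step 25 was saved.
    [string]$MetadataPath = '.\federationmetadata.xml'
)

$acsUrl = 'https://live.prontoforms.com/saml/SSO'
$rp = Get-AdfsRelyingPartyTrust -Identifier 'prontoforms.com/prod'
if (-not $rp) { throw 'Relying party trust prontoforms.com/prod not found.' }

# Assertion consumer endpoints, and the subset that uses the URL from steps 8 and 22.
$allAcs = @($rp.SamlEndpoints | Where-Object Protocol -eq 'SAMLAssertionConsumer')
$acs    = @($allAcs | Where-Object { [string]$_.Location -eq $acsUrl })

# Each entry is $true when the trust matches what the article configures.
$checks = [ordered]@{
    'Trust is enabled'                      = [bool]$rp.Enabled
    'Default endpoint uses the SSO URL'     = [bool]($acs | Where-Object IsDefault)
    'Artifact endpoint uses the SSO URL'    = [bool]($acs | Where-Object Binding -eq 'Artifact')
    'No consumer endpoint uses another URL' = ($acs.Count -gt 0) -and ($allAcs.Count -eq $acs.Count)
    'Claim rule is present (step 16)'       = -not [string]::IsNullOrWhiteSpace($rp.IssuanceTransformRules)
    'Hash algorithm is SHA-1 (step 23)'     = $rp.SignatureAlgorithm -like '*sha1'
    'Signing revocation check is None'      = "$($rp.SigningCertificateRevocationCheck)" -eq 'None'
    'Encryption revocation check is None'   = "$($rp.EncryptionCertificateRevocationCheck)" -eq 'None'
    'Signed SAML requests not required'     = -not $rp.SignedSamlRequestsRequired
}
foreach ($name in $checks.Keys) {
    '{0,-7} {1}' -f $(if ($checks[$name]) { 'MATCH' } else { 'DIFFERS' }), $name
}

# The saved metadata is what ProntoForms will trust as the Identity Provider.
# List its signing certificates and whether ADFS holds each as token-signing.
$adfsThumbs = (Get-AdfsCertificate -CertificateType Token-Signing).Thumbprint
[xml]$md = Get-Content -Raw -Path $MetadataPath
$xpath = "//*[local-name()='IDPSSODescriptor']/*[local-name()='KeyDescriptor']" +
         "[@use='signing']//*[local-name()='X509Certificate']"
foreach ($node in $md.SelectNodes($xpath)) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($node.InnerText))
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        HeldByAdfs = $adfsThumbs -contains $cert.Thumbprint
    }
}
```

A DIFFERS line means the trust no longer matches the values in this article. A metadata certificate with HeldByAdfs set to False means the saved file does not reflect the server's current token-signing certificates.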

 
