AD FS SSO Set-Up
Note: The MSA agreement must be reviewed and accepted first by the admin of the account before going through this process. Trials should complete this SSO Setup process before the expiration date to ensure full functionality post-purchase.
Within AD FS
To set up AD FS SSO, two claims will need to be created. Without the two rules, there will be login failure. The claim rules are shown below:
First Claim (Order #1)
- ‘Send LDAP Attributes as claims’
- Claim Rule Name: Can be named anything you like
- Attribute Store: Active Directory
- Mapping of LDAP attributes to outgoing claim types
- For LDAP Attribute use: E-Mail-Addresses
- For Outgoing Claim Type use: E-Mail Address
Second Claim (Order #2)
- ‘Transform an Incoming Claim’
- Claim Rule Name: Can be anything you like
- Incoming claim type use: E-Mail Address
- Outgoing claim type use: Name ID
- Outgoing name ID format use: Email
- Ensure the ‘Pass through all claim values’ is selected
Within ActivTrak Dashboard
1. Navigate to Settings > Security > Configuration
2. Enable Single Sign-On and fill out the Identity Provider section.
Note: Ensure that there is -----BEGIN CERTIFICATE----- before the certificate begins and -----END CERTIFICATE----- at the end of the certificate character string. Also, ensure that only the certificate is being copied & pasted into the box. Extra return characters may cause errors.
3. Lastly, navigate to Access > App Access and check off the "Use SSO" next to any user that will be using SSO.
Note: The currently logged-in user cannot modify their own SSO Setting. If they do, they may be locked out of the account. Instead, have another admin enable the setting or contact ActivTrak support to assist.
Please reach out to the ActivTrak Support team via chat or email email@example.com with any questions or issues you have.
Was this article helpful?
0 out of 0 found this helpful