Using Active Directory Federated Services to Authenticate to Certero | v7


From Certero version 7, users can be authenticated with Federated Authentication via Active Directory Federated Services (ADFS). The following sections describe how to configure ADFS to authenticate to Certero.

Step 1 - Active Directory Connector

  1. Go to Connectors > Active Directory

  2. Open the properties of the Active Directory Connector

  3. Click on the Authentication tab

  4. Copy the URI displayed under Federated Authentication

N.B. do not change the Logon Method from Forms Authentication to Federated Authentication at this point

Step 2 - ADFS Configuration

  1. Login to the Active Directory Federated Services Server using an Administrator account

  2. Open AD FS Management under Control Panel > Administrative Tools > AD FS Management

  3. Select Add Relying Party Trust... in the right hand pane

  4. Select Claims aware and click Start

  5. Select Enter data about the relying party manually and click Next

  6. Enter a friendly name under Display name, e.g. Certero, and add Notes if required

  7. Click Next on the Configure Certificate Section

  8. In the Configure URL section tick the box Enable support for the WS-Federation Passive Protocol

  9. Enter the URL copied in Step 1 into the Relying party WS-Federation Passive Protocol URL, e.g. https://<CerteroServerFQDN>/CerteroWebApp/Account/LogonFederated, and click Next

  10. Configure Identifiers, click Next

  11. Choose Access Control Policy - Permit Everyone, click Next

  12. Tick the box Configure claims issuance policy for this application and click Close

  13. Click Add Rule. Select Send LDAP Attributes as Claims in the drop down list and click Next

  14. In the Claim rule name box type Send UPN as Name

  15. Select Active Directory as the Attribute store, map the User-Principal-Name LDAP attribute to the Name outgoing claim type and click OK
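The same relying party trust can be created from the AD FS PowerShell module that is installed with the AD FS role, which is useful for repeatable builds and for checking what the console steps above actually produced. The script below is an added example and is not part of the Certero documentation or product; it mirrors Step 2 items 3 to 15. Placeholders in angle brackets, the "Certero" display name, the notes text, and the choice of the Certero logon URL as the relying party identifier (the page leaves the identifier unspecified in item 10) are all assumptions.

```powershell
# Added example, not from Certero: scripted equivalent of the Step 2 console
# steps. Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

# Step 1: the URI copied from the Active Directory connector's Authentication tab.
# <CerteroServerFQDN> is a placeholder.
$certeroUrl = "https://<CerteroServerFQDN>/CerteroWebApp/Account/LogonFederated"

# Items 13-15: "Send LDAP Attributes as Claims" rule that looks up
# userPrincipalName in Active Directory and issues it as the Name claim.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN as Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Items 3-12: claims-aware trust with the WS-Federation passive endpoint,
# the built-in "Permit everyone" access control policy and the rule above.
# Using $certeroUrl as the identifier is an assumption (see item 10).
Add-AdfsRelyingPartyTrust -Name "Certero" `
    -Notes "Certero v7 federated logon" `
    -Identifier $certeroUrl `
    -WSFedEndpoint $certeroUrl `
    -AccessControlPolicyName "Permit everyone" `
    -IssuanceTransformRules $issuanceRules

# Check: confirm the trust exists with the expected endpoint, policy and claim rule
# before switching the Certero connector to Federated Authentication in Step 3.
$rp = Get-AdfsRelyingPartyTrust -Name "Certero"
$rp | Select-Object Name, Enabled, WSFedEndpoint, Identifier, AccessControlPolicyName
$rp.IssuanceTransformRules
```

The final Get-AdfsRelyingPartyTrust call is also a convenient way to audit a trust that was created through the console: the WSFedEndpoint must match the URI shown on the connector's Authentication tab exactly, and the issuance rule should contain only the UPN-to-Name mapping the page calls for.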

Step 3 - Complete the Configuration

  1. Go to Connectors > Active Directory

  2. Open the properties of the Active Directory Connector

  3. Click on the Authentication tab

  4. Change the authentication from Forms Authentication to Federated Authentication

  5. In the Sign-on Endpoint box put in the following https://adfsserver/adfs/ls/ where adfsserver is the FQDN of the ADFS server

  6. Click Save to save the configuration

  7. To revert to the previous method of authentication, change the authentication from Federated Authentication back to Forms Authentication