SSO via ADFS Integration

/, Support/SSO via ADFS Integration

Officebooking supports single sign-on (SSO) logins through SAML 2.0. if you’re on the Professional or Enterprise plan. A SAML 2.0 identity provider (IDP) can take many forms, one of which is a self-hosted Active Directory Federation Services (ADFS) server. ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials.

Before you can use SSO you need to set up ADFS. If you haven’t done this already please follow the Microsoft directives.

https://docs.microsoft.com/nl-nl/windows-server/identity/ad-fs/deployment/set-up-the-lab-environment-for-ad-fs-in-windows-server-2012-r2

We would need your endpoint for SSO (metadata URL) to be entered at ‘company’ in the admin. Furthermore you will need to add Officebooking as an allowed service to your SSO services.

The metadata URL will be something like

https://login.YOURCOMPANYURL.com/federationmetadata/2007-06/federationmetadata.xml

We will need the following attributes:

– givenname (voornaam)
– surname (achternaam)
– Email address als Outgoing Claim Type ‘Name ID’.

As a guide you could use the Zendesk guide, we simply follow the same rules.

https://support.zendesk.com/hc/en-us/articles/203663896-Mapping-attributes-from-Active-Directory-with-ADFS-and-SAML-Professional-and-Enterprise

For authorization of Officebooking within your ADFS environment the url looks something like:

https://app.officebooking/sso/access/SSOid/metadata/

Where SSOid is the ID you’ve entered in the admin console.

Please note that we don’t support SSO on the admin console yet, for testing of SSO on the app you should either use another user id or create a testuser.

Testing of SSO is done either by logging in to the app or in the webportal at https://app.officebooking.net

 

2019-07-08T12:20:26+00:00