
ADFS Configuration

Configure ADFS for seamless integration with EnGenius Cloud's SSO
This guide provides the steps for configuring ADFS on Windows Server 2022 as an IdP. Please note that images used in the steps may vary with Windows Server updates.

Create “Relying Party Trust”

  1. Launch the AD FS management console from Start > Administrative Tools > AD FS Management.
  2. Select 'AD FS' at the top and from the Actions menu, choose 'Add Relying Party Trust'.
2-1 Add Relying Party Trust
  3. Click 'Start' to configure a new trust for Dashboard.
  4. Opt to 'Enter data about the relying party manually' and click 'Next'.
2-2 Enter data about the relying party manually
  5. Provide a 'Display name' such as "EnGenius Cloud" for identification in the console and for users, then proceed with 'Next'.
2-3 Display Name
  6. Bypass the 'Configure Certificate' step by selecting 'Next'.
  7. Check the box to 'Enable support for the SAML 2.0 WebSSO protocol'. Input the EnGenius Cloud 'Consumer URL' into the text field and click 'Next'.
2-4 Enable support for the SAML 2.0 WebSSO
The Consumer URL can be found under Organization > MSP Portal > Teams > Team Management > SAML SSO Settings (from the IdP configuration).
  8. For 'Relying party trust identifier', input "https://msp-sso.engenius.ai", click 'Add', then 'Next'.
2-5 Relying party trust identifier
2-6 Relying party trust identifier
Relying Party Trust ID in SAML Authentication
The Relying Party Trust Identifier is a unique identifier that an Identity Provider uses to recognize and authenticate the specific Service Provider (EnGenius Cloud) in a SAML setup.
  9. Set default authorization rules; for this guide, choose 'Permit everyone' and click 'Next'.
2-7 Permit everyone

Configure Username Attributes (email)

  1. Open the 'Edit Claim Rules' dialog and go to the 'Issuance Transform Rules' tab, then click 'Add Rule'.
2-8 Edit Claim Rules
  2. Choose 'Send LDAP Attributes as Claims' as the template and click 'Next'.
2-9 Send LDAP Attributes as Claims
  3. To configure a username attribute for SAML:
  • Name the claim rule "Email".
  • Choose 'Active Directory' for the attribute store.
  • Select a unique LDAP Attribute, like E-Mail-Addresses, that will be sent to EnGenius Cloud as the username.
  • Set the Outgoing Claim Type to "email".
  • Click 'Finish'.
2-10 Outgoing Claim Type
Outgoing Claim Type
An "Outgoing Claim Type" is a user attribute, like an email or username, that ADFS sends to a Service Provider (EnGenius Cloud) to identify and authorize users in SAML transactions.

Configure Role Attributes (Team Privilege)

  1. Open 'Edit Claim Rules', navigate to 'Issuance Transform Rules', and select 'Add Rule'.
  2. For the template, select 'Send Group Membership as a Claim'.
  3. Name the claim rule "Teams" for assigning user roles.
  4. Use 'Browse' to pick a group for the role assignment.
  5. Set the Outgoing claim type to "msp_teams".
  6. Enter the matching Role/Team value from the MSP Portal's Teams role in 'Outgoing claim value' to grant access.
2-11 Configure Role Attributes
  7. Click 'Finish'.
The role/team must correspond with one in EnGenius Cloud under Organization > MSP Portal > Teams > Team Privileges.
2-12 Configure 'Team Privilege' on EnGenius Cloud
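
The console steps above (the relying party trust plus the "Email" and "Teams" claim rules) can also be scripted with the AD FS PowerShell module and then read back to confirm what was stored. This is an added example, not part of the original guide or of EnGenius documentation; the Consumer URL, group SID and team value are placeholders that you must replace with values from your own environment.

```powershell
# Added example: scripted equivalent of the console steps (run elevated on the AD FS server).
# Placeholders (assumptions, not values from the guide): $ConsumerUrl, $GroupSid, $TeamValue.
$ConsumerUrl = 'https://<consumer-url-from-SAML-SSO-Settings>'
$GroupSid    = '<SID-of-the-AD-group-picked-with-Browse>'
$TeamValue   = '<team-name-from-Team-Privileges>'
$Identifier  = 'https://msp-sso.engenius.ai'   # relying party trust identifier from the guide

# The two claim rules, written in the AD FS claim rule language in the form
# the 'Send LDAP Attributes as Claims' and 'Send Group Membership as a Claim'
# templates produce. 'mail' is the LDAP name behind E-Mail-Addresses.
$rules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("email"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "Teams"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$GroupSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "msp_teams", Value = "$TeamValue", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@

# SAML 2.0 WebSSO assertion consumer endpoint (step 7 of the trust wizard).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $ConsumerUrl

# Create the trust with the guide's display name, identifier and access policy.
Add-AdfsRelyingPartyTrust -Name 'EnGenius Cloud' -Identifier $Identifier `
    -SamlEndpoint $endpoint -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Read the trust back and report whether the stored settings match the guide.
$rp = Get-AdfsRelyingPartyTrust -Name 'EnGenius Cloud'
$checks = [ordered]@{
    'Identifier matches'       = $rp.Identifier -contains $Identifier
    'email claim rule present' = $rp.IssuanceTransformRules -match 'types = \("email"\)'
    'msp_teams rule present'   = $rp.IssuanceTransformRules -match 'Type = "msp_teams"'
    'Trust enabled'            = $rp.Enabled
}
$checks.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, [bool]$_.Value }
$rp.SamlEndpoints | Select-Object Protocol, Binding, Location   # compare with the Consumer URL
```

Only members of the group identified by $GroupSid receive the "msp_teams" claim; the 'Permit everyone' policy controls who may obtain a token at all, not which team value is issued.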

Accessing EnGenius Cloud with ADFS Authentication

Users authenticated via ADFS can now sign into the "EnGenius Cloud".
2-13 ADFS Sign-In Page

Setting Up EnGenius Cloud Account via ADFS Portal

If this is your first time accessing EnGenius Cloud service through your company's ADFS portal, you'll need to set up a user account initially. Once done, this will allow for automatic sign-in thereafter. The user account includes the following data:
  • User name
  • Email
  • Region
2-14 Access EnGenius Cloud for the first time