ADFS Configuration
Configure ADFS for seamless integration with EnGenius Cloud's SSO
Last updated
This guide provides the steps for configuring ADFS on Windows Server 2022 as an IdP. Please note that images used in the steps may vary with Windows Server updates.
Launch the AD FS management console from Start > Administrative Tools > AD FS Management.
Select 'AD FS' at the top and from the Actions menu, choose 'Add Relying Party Trust'.
Click 'Start' to configure a new trust for Dashboard.
Opt to 'Enter data about the relying party manually' and click 'Next'.
Provide a 'Display name' such as "EnGenius Cloud" for identification in the console and for users, then proceed with 'Next'.
Bypass the 'Configure Certificate' step by selecting 'Next'.
Check the box to 'Enable support for the SAML 2.0 WebSSO protocol'. Enter EnGenius Cloud's 'Consumer URL' into the text field and click 'Next'.
The Consumer URL can be found under Organization > MSP Portal > Teams > Team Management > SAML SSO Settings (from the IdP configuration).
For 'Relying party trust identifier', input "https://msp-sso.engenius.ai", click 'Add', then 'Next'.
Relying Party Trust ID in SAML Authentication
The Relying Party Trust Identifier is a unique identifier that an Identity Provider uses to recognize and authenticate the specific Service Provider (EnGenius Cloud) in a SAML setup.
Set default authorization rules; for this guide, choose 'Permit everyone' and click 'Next'.
Open the 'Edit Claim Rules' dialog and go to the 'Issuance Transform Rules' tab, then click 'Add Rule'.
Choose 'Send LDAP Attributes as Claims' as the template and click 'Next'.
To configure a username attribute for SAML:
Name the claim rule "Email".
Choose 'Active Directory' for the attribute store.
Select a unique LDAP Attribute, such as E-Mail-Addresses, that will be sent to EnGenius Cloud as the username.
Set the Outgoing Claim Type to "email".
Click 'Finish'.
Outgoing Claim Type
An "Outgoing Claim Type" is a user attribute, like an email or username, that ADFS sends to a Service Provider (EnGenius Cloud) to identify and authorize users in SAML transactions.
Open 'Edit Claim Rules', navigate to 'Issuance Transform Rules', and select 'Add Rule'.
For the template, select 'Send Group Membership as a Claim'.
Name the claim rule "Teams" for assigning user roles.
Use 'Browse' to pick a group for the role assignment.
Set the Outgoing claim type to "msp_teams".
Enter the matching Role/Team value from the MSP Portal's Teams roles in 'Outgoing claim value' to grant access.
Click 'Finish'.
The role/team must correspond with one in EnGenius Cloud under Organization > MSP Portal > Teams > Team Privileges.
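The same relying party trust and the two claim rules from the steps above can be created from the AD FS PowerShell module instead of the wizard. This is an added example, not code from the EnGenius documentation; the Consumer URL, AD group SID and team role value are placeholders you must replace with values from your own environment and the MSP Portal's SAML SSO Settings page.

```powershell
# Added example: AD FS PowerShell equivalent of the console steps in this guide.
# Values marked REPLACE_ME are placeholders, not real identifiers.
Import-Module ADFS

$DisplayName = 'EnGenius Cloud'
$Identifier  = 'https://msp-sso.engenius.ai'       # Relying party trust identifier from the guide
$ConsumerUrl = 'https://REPLACE_ME/consumer-url'    # Copy from Team Management > SAML SSO Settings
$GroupSid    = 'S-1-5-21-REPLACE_ME'                # SID of the AD group that maps to the team role
$TeamRole    = 'REPLACE_ME_TEAM_ROLE'               # Must match a role under Teams > Team Privileges

# SAML 2.0 WebSSO endpoint (the 'Consumer URL' entered in the wizard).
$Endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $ConsumerUrl

# Issuance transform rules: "Email" (LDAP attribute mail -> outgoing claim type email)
# and "Teams" (membership of one AD group -> outgoing claim type msp_teams).
$TransformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("email"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "Teams"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$GroupSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "msp_teams", Value = "$TeamRole", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@

# Issuance authorization rule: the wizard's 'Permit everyone' choice.
$AuthzRules = @"
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -Identifier $Identifier `
    -SamlEndpoint $Endpoint `
    -IssuanceTransformRules $TransformRules `
    -IssuanceAuthorizationRules $AuthzRules

# Check: the trust exists and both outgoing claim types are present in its transform rules.
$Trust = Get-AdfsRelyingPartyTrust -Name $DisplayName
($Trust.IssuanceTransformRules -match 'types = \("email"\)') -and ($Trust.IssuanceTransformRules -match 'Type = "msp_teams"')
```

Only users in the group identified by $GroupSid receive an msp_teams claim; add one 'EmitGroupClaims' rule per AD group/team role pair if you map more than one team.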
Users authenticated via ADFS can now sign into the "EnGenius Cloud".
If this is your first time accessing the EnGenius Cloud service through your company's ADFS portal, you'll need to set up a user account; once done, sign-in is automatic thereafter. The user account includes the following data:
User name
Region