ADFS Configuration
Configure ADFS for seamless integration with EnGenius Cloud's SSO
This guide provides the steps for configuring ADFS on Windows Server 2022 as an IdP. Please note that images used in the steps may vary with Windows Server updates.
Launch the AD FS management console from Start > Administrative Tools > AD FS Management.
Select 'AD FS' at the top and from the Actions menu, choose 'Add Relying Party Trust'.
Click 'Start' to configure a new trust for Dashboard.
Opt to 'Enter data about the relying party manually' and click 'Next'.
Provide a 'Display name' such as "EnGenius Cloud" for identification in the console and for users, then proceed with 'Next'.
Bypass the 'Configure Certificate' step by selecting 'Next'.
Check the box 'Enable support for the SAML 2.0 WebSSO protocol'. Enter EnGenius Cloud's 'Consumer URL' in the text field and click 'Next'.
For 'Relying party trust identifier', input "https://msp-sso.engenius.ai", click 'Add', then 'Next'.
Set default authorization rules; for this guide, choose 'Permit everyone' and click 'Next'.
Open the 'Edit Claim Rules' dialog and go to the 'Issuance Transform Rules' tab, then click 'Add Rule'.
Choose 'Send LDAP Attributes as Claims' as the template and click 'Next'.
To configure a username attribute for SAML:
Name the claim rule "Email".
Choose 'Active Directory' for the attribute store.
Select a unique LDAP Attribute, such as E-Mail-Addresses, that will be sent to EnGenius Cloud as the username.
Set the Outgoing Claim Type to "email".
Click 'Finish'.
Open 'Edit Claim Rules', navigate to 'Issuance Transform Rules', and select 'Add Rule'.
For the template, select 'Send Group Membership as a Claim'.
Name the claim rule "Teams" for assigning user roles.
Use 'Browse' to pick a group for the role assignment.
Set the Outgoing claim type to "msp_teams".
Enter the matching Role/Team value from the MSP Portal's Teams role in 'Outgoing claim value' to grant access.
Click 'Finish'.
Users authenticated via ADFS can now sign in to EnGenius Cloud.
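The wizard steps above can also be scripted with the AD FS PowerShell module, which makes the trust reproducible and easy to review. This is an added example, not part of the EnGenius guide: the Consumer URL, the AD group name and the team value are placeholders to replace, and the claim rules are written in the claim rule language that the two wizard templates generate.

```powershell
# Added example: scripted equivalent of the relying party trust built in the wizard.
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Placeholders (assumptions, not values from this guide): replace before running.
$ConsumerUrl = 'https://CONSUMER-URL-FROM-ENGENIUS-CLOUD'   # 'Consumer URL' shown by EnGenius Cloud
$GroupName   = 'CONTOSO\EnGenius-Admins'                    # hypothetical AD group picked with 'Browse'
$TeamValue   = 'ROLE-OR-TEAM-VALUE-FROM-MSP-PORTAL'         # Role/Team value from the MSP Portal

# Values taken from the guide.
$DisplayName = 'EnGenius Cloud'
$Identifier  = 'https://msp-sso.engenius.ai'

# The group-membership template matches on the group's SID, so resolve it first.
$GroupSid = (New-Object System.Security.Principal.NTAccount($GroupName)).
    Translate([System.Security.Principal.SecurityIdentifier]).Value

# Rule "Email": send the E-Mail-Addresses attribute (LDAP name 'mail') as claim type "email".
# Rule "Teams": emit "msp_teams" only for members of the selected group.
$Rules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("email"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "Teams"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$GroupSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "msp_teams", Value = "$TeamValue", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@

# SAML 2.0 WebSSO endpoint: assertion consumer service, POST binding.
$Acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $ConsumerUrl

# Create the trust with the same authorization choice as the guide ('Permit everyone').
Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -Identifier $Identifier `
    -SamlEndpoint $Acs `
    -IssuanceTransformRules $Rules `
    -AccessControlPolicyName 'Permit everyone'

# Review what was stored: identifier, access policy, and the exact rules that issue claims.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules |
    Format-List
```

The final `Get-AdfsRelyingPartyTrust` call is also useful on a trust created through the wizard, to confirm that the "Teams" rule references the intended group SID and role value.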
If this is your first time accessing the EnGenius Cloud service through your company's ADFS portal, you first need to set up a user account. Once that is done, sign-in is automatic thereafter. The user account includes the following data:
User name
Region