Setting up single sign-on using Active Directory with ADFS and SAML

 

ProProfs Knowledge Base supports single sign-on (SSO) logins through SAML 2.0. Single sign-on (SSO) means your knowledge base users can log in to their account with the same credentials they use to log on to their computer. They don’t need to remember separate login details for the Knowledge base.

 

A SAML 2.0 identity provider (IDP) can take many forms, one of which is a self-hosted Active Directory Federation Services (ADFS) server. ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials.

 

Requirements

 

To use ADFS to log in to your ProProfs Knowledge base, you need the following components:

  • An Active Directory instance where all users have an email address attribute.
  • A Knowledge base subscription on the Enterprise plan.
  • You should have users in the Knowledge base using the same email addresses as those set in Active Directory. Authenticated users are uniquely identified by their email addresses. Here is how you can set up users in the ProProfs Knowledge base. Feel free to set up just one or two users during testing.
  • A server running Microsoft Server 2012 or 2008. This guide uses screenshots from Server 2012R2, but similar steps should be possible on other versions.

 

Step 1 - Adding a Relying Party Trust

 

At this point, you should be ready to set up the ADFS connection with your ProProfs Knowledge base. The connection between ADFS and ProProfs is defined using a Relying Party Trust (RPT).

 

1. Select ADFS Management from the Tools menu.

 
 
2. Select the Relying Party Trusts folder from AD FS Management, and add a new Standard Relying Party Trust from the Actions sidebar.
 
 
3. This starts the configuration wizard for a new trust. Click Start.
 
 
4. In the Select Data Source screen, select the first option, Import data about the relying party published online or on a local network. Enter this URL in the text box:
https://sso.proprofs.com/saml/adfs/web/sp/?idp=yourdomainname
 
Here, yourdomainname is the domain name taken from your knowledge base URL, https://mysubdomain.yourdomainname.com.
 
 
 
5. Click OK at the warning screen:
 
 
 
6. On the next screen, enter a Display name that you'll recognize in the future, and any notes you want to make.
 
 
 
7. On the next screen, select I do not want to configure multi-factor authentication settings for the relying party trust at this time.



8. On the next screen, select the Permit all users to access this relying party radio button.



9. On the next screen, the wizard will display an overview of your settings.



10. On the final screen, use the Close button to exit and open the Claim Rules editor.



11. You can see that the desired Relying Party Trust has been added.
 

 

 

Step 2 - Creating Claim Rules

 

Once the relying party trust has been created, you can create the claim rules and update the RPT with minor changes that aren't set by the wizard.

1. Select the Relying Party Trust we’ve just added and then click Edit Claim Rules…

 

 

2. To create a new rule, click on Add Rule inside the Issuance Transform Rules.

 

 

3. Create a Send LDAP Attributes as Claims rule.

 

 

 

4. On the next screen, using Active Directory as your attribute store, do the following: 

1. From the LDAP Attribute column, select E-Mail Addresses

2. From the Outgoing Claim Type, select E-Mail Address

 

 

 

5. Click on OK to save the new rule.

 

6. Create another new rule by clicking Add Rule, this time selecting Transform an Incoming Claim as the template.

 

 

7. On the next screen:

1. Select E-mail Address as the Incoming Claim Type.

2. For Outgoing Claim Type, select Name ID

3. For Outgoing Name ID Format, select Email.

Leave the rule at its default of Pass through all claim values.

 

 

8. Finally, click OK to create the claim rule, and then OK again to finish creating rules.

 

9. The two claim rules you created now appear in the list.
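
The relying party trust from Step 1 and the two claim rules from Step 2 can also be created from an elevated PowerShell prompt on the AD FS server, which makes the configuration repeatable and easy to review. This is an added example, not ProProfs' own script; it assumes Server 2012 R2 with the ADFS PowerShell module, the display name is an arbitrary choice, and yourdomainname is the placeholder from Step 1.

```powershell
# Added example: scripted equivalent of Steps 1 and 2 (assumes Server 2012 R2, ADFS module).
Import-Module ADFS

# Assumptions: replace the yourdomainname placeholder; the display name is arbitrary.
$MetadataUrl = 'https://sso.proprofs.com/saml/adfs/web/sp/?idp=yourdomainname'
$DisplayName = 'ProProfs Knowledge Base'

# Step 2 rules: LDAP mail attribute -> E-Mail Address claim, then -> Name ID (Email format).
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# The wizard's "Permit all users to access this relying party" choice, as a rule.
$AuthorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Import the relying party metadata and attach both rule sets in one call.
Add-AdfsRelyingPartyTrust -Name $DisplayName -MetadataUrl $MetadataUrl `
    -IssuanceTransformRules $TransformRules `
    -IssuanceAuthorizationRules $AuthorizationRules

# Check: print what AD FS actually stored so it can be compared with the wizard result.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules
```

The final Get-AdfsRelyingPartyTrust call doubles as an audit check: the only outgoing claims should be the e-mail address and the Name ID derived from it.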

 

 

Step 3 - Configuring ProProfs Knowledge Base

 

After setting up ADFS, you need to configure your ProProfs Knowledge base to authenticate using SAML. For now, we have configured your account on your behalf so you can get started quickly. Later, we'll give you a complete option to customize it.

 

Step 4 - Testing Single Sign-On

 

You should now have a working ADFS SSO implementation for your ProProfs Knowledge base. To test this setup, open the ProProfs Knowledge Base login page and enter any user email (and no password). Make sure the email you enter exists in both Active Directory and ProProfs Knowledge Base.

https://www.proprofskb.com/login/

After pressing Login, you will see your familiar Active Directory login screen.

 

Enter the required login credentials (the same email and password associated with that domain user). Once authenticated, you will be logged in to your ProProfs Knowledge Base account with the appropriate user permissions.
