
Single Sign On (SSO) With ADFS

LeadSquared offers single sign-on (SSO) integration with a self-hosted Active Directory Federation Services (ADFS) server.

ADFS is a Microsoft service that allows you to log in to web applications using your Active Directory (AD) credentials. After integration, you won’t need to manage a separate set of credentials for LeadSquared, and can log in directly with your AD credentials.

To integrate, you must complete the following steps –

  1. Add a Relying Party Trust to your ADFS server
  2. Obtain the Certificate Thumbprint
  3. Configure LeadSquared Authentication Provider settings

 

Prerequisites

  • You must be a LeadSquared administrator user.
  • You must set up an Active Directory instance, where all users have an email address attribute and the email address is the same as their LeadSquared account.
  • ADFS service must be installed and configured.
  • You must have an SSL certificate and the thumbprint for that certificate.

Note: This article does not explain the process of installing and configuring ADFS. For installation details, click here.

 

Adding a Relying Party Trust

1. Open the ADFS Management console (Server Manager>Tools>ADFS Management).

2. Under the Actions pane, click Add Relying Party Trust.

3. You’ll now see the welcome page of the Add Relying Party Trust Wizard. Click Start.

4. Now select the Enter data about relying party manually radio button, then click Next.

5. Enter a display name of your choice, then click Next.

6. Select AD FS profile and click Next.

7. Leave the certificate settings here as their defaults and just click Next.

8. No action is required here, click Next.

9. Add a Relying party trust identifier of https://run.leadsquared.com/. Click Next.

10. Select the I do not want to configure multifactor… checkbox, then click Next.

11. Keep the default setting (Permit all users to access…) and click Next.

12. The configurations are now complete. Click Next to continue.

13. The relying party trust has now been added. Click Close to proceed to the Edit Claim Rules dialog.

14. Click the Add Rule button.

15. Click Next to create a Send LDAP Attributes as Claims rule.

16. Enter a name for the claim rule, select the Attribute store as Active Directory (this is where the LDAP attributes will be extracted from), then map the LDAP attributes to the outgoing claim type as shown below. Click Finish when you’re done.

17. Now click OK.

18. Now navigate to ADFS Management>Relying Party Trusts. You can see all relying party trusts here. If required, you can edit claims by clicking Edit claim rules. You may also change identifiers by clicking Properties.

19. Navigate to ADFS>Service>Endpoints, and ensure that the following endpoint is enabled: /adfs/services/trust/13/usernamemixed

 

ADFS Certificate Thumbprint

1. Navigate to ADFS>Service>Certificates.

2. Right-click the certificate under Token-signing, then click View Certificate.

3. On the Certificate pop-up, navigate to the Details tab, then copy the Thumbprint value of the certificate. You will need to paste this value in the LeadSquared Authentication Provider wizard as instructed below.
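The ADFS-side settings above can be cross-checked from PowerShell before moving on. The script below is an added example, not part of LeadSquared's documentation; it assumes an elevated PowerShell session on the ADFS server with the AD FS module available, and the helper name ConvertTo-CleanThumbprint is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Values taken from this article.
$rpIdentifier = 'https://run.leadsquared.com/'
$endpointPath = '/adfs/services/trust/13/usernamemixed'

# Hypothetical helper: reduce a thumbprint to 40 upper-case hex characters.
# Text copied from the Certificate dialog can contain spaces and an invisible
# leading character, which makes a pasted value fail to match.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Value)
    $hex = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) { throw "Expected 40 hex characters, got $($hex.Length)" }
    $hex
}

# 1. The relying party trust from the wizard exists and is enabled.
$rp = Get-AdfsRelyingPartyTrust -Identifier $rpIdentifier
if (-not $rp) { throw "No relying party trust with identifier $rpIdentifier" }
if (-not $rp.Enabled) { Write-Warning "Relying party trust '$($rp.Name)' is disabled" }

# The claim rule from steps 14-16, printed in claim rule language for review.
$rp.IssuanceTransformRules

# 2. The endpoint from step 19 is enabled.
$ep = Get-AdfsEndpoint -AddressPath $endpointPath
if (-not $ep.Enabled) { Write-Warning "$endpointPath is not enabled" }

# 3. Primary token-signing certificate: the thumbprint LeadSquared asks for.
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object IsPrimary | Select-Object -First 1

# With automatic rollover on, AD FS replaces this certificate before it
# expires, and the new certificate has a different thumbprint.
[pscustomobject]@{
    Thumbprint      = ConvertTo-CleanThumbprint $signing.Thumbprint
    NotAfter        = $signing.Certificate.NotAfter
    DaysUntilExpiry = ($signing.Certificate.NotAfter - (Get-Date)).Days
    AutoRollover    = (Get-AdfsProperties).AutoCertificateRollover
}
```

The Thumbprint value in the output is the SHA-1 hash of the token-signing certificate with no spaces or hidden characters. When the token-signing certificate is replaced, the thumbprint previously pasted into LeadSquared no longer matches the certificate in use.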

 

LeadSquared Authentication Provider Settings

This section assumes that you’ve completed the steps described above on the ADFS server side. Now log in to the LeadSquared application and follow these steps to have single sign-on up and running –

  1. Navigate to My Profile>Settings>Security>Authentication Provider.
  2. Click the slider to Enable Third Party Authentication Provider.
  3. On the Choose Authentication Provider window, click Active Directory.
  4. Alongside ADFS URL, enter your server URL. Be sure to choose the correct protocol, either http:// or https://.
  5. Now paste the value of the Certificate Thumbprint (see Step 3 under the ADFS Certificate Thumbprint section above).
  6. Click Test.
  7. Now enter your Active Directory password and click Next.
  8. Once the password is verified, you’ll receive a success message. Click Enable, then click Yes on the Enable Authentication Provider pop-up.

Your LeadSquared account has now been integrated with your Active Directory.


Note:

  • The next time you log in to your LeadSquared account, you must enter your AD credentials.
  • To disable the integration, just click the slider alongside Enable Third Party Authentication Provider on the Authentication Provider Settings page.

 
