AssetSonar supports Single Sign-On (SSO) logins through SAML 2.0 (ADFS server) in Premium plans and above.
This article explains how to configure SSO integration between a self-hosted Active Directory Federation Services (ADFS) server and AssetSonar.
A SAML 2.0 identity provider (IdP) can take many forms, one of which is a self-hosted Active Directory Federation Services (AD FS) server. AD FS is a service that Microsoft provides as a standard role for Windows Server. It offers a web login that uses existing Active Directory credentials.
- AD FS 2.0 benefits
- Configuration installation guide
- Provision users to a custom role
- Troubleshooting errors
1. AD FS 2.0 benefits
- Enables organizations to collaborate securely across Active Directory domains by using identity federation.
- Reduces the need for duplicate accounts and other credential management overhead by enabling federated SSO across organizations, platforms, and applications.
- Provides for identity delegation so that authorized applications can impersonate their users when they access infrastructure services, even when the original users do not have local accounts.
- Enables step-up authentication so that websites can easily request smart-card authentication for particular operations.
AD FS is a standards-based service that allows the secure sharing of identity information between trusted business partners or federated partners across an extranet. Put simply, AD FS saves users from remembering separate credentials and from repeating the same authentication steps to sign in to the same cloud solution.
2. Prerequisites
- Administrator-level access to AssetSonar.
- An Active Directory instance where all of your users under your account in AssetSonar have an account, with exactly the same email address. We don’t create user accounts under SSO.
- A server running Microsoft Windows Server 2012 or 2008.
- An SSL certificate to sign your ADFS login page and the fingerprint for that certificate.
- Before you begin, sign in to your AssetSonar account twice — once in a regular browser window and once in an incognito window. This ensures that you remain signed in to your account in one window if you get locked out in the other.
3. Configuration Installation Guide
Click here to view our installation guide about how to configure AssetSonar and Microsoft AD FS 2.0 for SSO.
4. Provision users to a custom role
If you want to provision your employees and their roles so that their hierarchy is reflected in AssetSonar, select a Default Role that your users are assigned when they are imported into AssetSonar.
To enable this setting, go to Settings → Add Ons → SAML Integration from your AssetSonar account. Select your preferred custom role as the Default Role for the set of employees you want to provision.
Let’s say you want to import a set of Hardware Technicians from your Identity Provider into AssetSonar. Select the following option and hit ‘Update’.
5. Troubleshooting errors
Users cannot log in
In order for ADFS to pass a login through for authentication, a user’s email address must be present in the “E-mail” field of the General tab in their AD profile.
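A pre-flight check for the two e-mail conditions this article states (every AssetSonar user needs an AD account with exactly the same email address, and the AD “E-mail” field must be populated), written as an added PowerShell example that is not AssetSonar's or Microsoft's own code. The function name `Test-SsoEmailReadiness`, the sample users and the exported AssetSonar address list are assumptions; the General tab “E-mail” field is the AD `mail` attribute.

```powershell
# Added example. Sample data below is constructed; corp.example addresses are placeholders.
# On a domain-joined host with the ActiveDirectory module, build the real input with:
#   $adUsers = Get-ADUser -Filter * -Properties mail | Select-Object SamAccountName, mail
# The AssetSonar address list is assumed to come from your own export of account users.
function Test-SsoEmailReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,
        [Parameter(Mandatory)] [string[]] $AssetSonarEmails
    )
    $byMail = @{}   # normalized address -> AD user
    foreach ($u in $AdUsers) {
        if ([string]::IsNullOrWhiteSpace($u.mail)) {
            # Empty "E-mail" field: AD FS has no address to pass through for this user.
            [pscustomobject]@{ Issue = 'AD E-mail field is empty'; Subject = $u.SamAccountName }
            continue
        }
        $key = $u.mail.Trim().ToLowerInvariant()
        if ($byMail.ContainsKey($key)) {
            # Two AD accounts with one address would map to the same AssetSonar user.
            [pscustomobject]@{ Issue = 'Address shared by several AD accounts'; Subject = $u.mail }
        } else {
            $byMail[$key] = $u
        }
    }
    foreach ($e in $AssetSonarEmails) {
        $key = $e.Trim().ToLowerInvariant()
        if (-not $byMail.ContainsKey($key)) {
            [pscustomobject]@{ Issue = 'No AD account with this address'; Subject = $e }
        } elseif ($byMail[$key].mail -cne $e) {
            # Assumption: "exactly the same" is read strictly, so case or
            # whitespace differences are reported for review.
            [pscustomobject]@{ Issue = 'Differs from AD in case or whitespace'; Subject = $e }
        }
    }
}

# Constructed sample input.
$adUsers = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   mail = 'jdoe@corp.example' }
    [pscustomobject]@{ SamAccountName = 'asmith'; mail = $null }
    [pscustomobject]@{ SamAccountName = 'blee';   mail = 'B.Lee@corp.example' }
)
$assetSonarEmails = 'jdoe@corp.example', 'asmith@corp.example', 'b.lee@corp.example'

Test-SsoEmailReadiness -AdUsers $adUsers -AssetSonarEmails $assetSonarEmails |
    Format-Table -AutoSize
```

Running the check before enabling SSO surfaces the accounts that would fail to log in while the regular sign-in path is still available.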
For more troubleshooting queries, please contact email@example.com.