EZOfficeInventory supports Single Sign-On (SSO) logins through SAML 2.0 (ADFS server) in Premium plans and above.
This article explains how to configure the SSO integration of a self-hosted Active Directory Federation Services (ADFS) server and EZOfficeInventory.
A SAML 2.0 identity provider (IDP) can take many forms, one of which is a self-hosted Active Directory Federation Services (AD FS) server. AD FS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials.
Contents
1. AD FS 2.0 benefits
2. Prerequisites
3. Configuration Installation Guide
4. Troubleshooting errors
AD FS 2.0 benefits
- Enables organizations to collaborate securely across Active Directory domains by using identity federation.
- Reduces the need for duplicate accounts and other credential management overhead by enabling federated SSO across organizations, platforms, and applications.
- Provides for identity delegation so that authorized applications can impersonate their users when they access infrastructure services, even when the original users do not have local accounts.
- Enables step-up authentication so that websites can easily request smart-card authentication for particular operations.
Because AD FS is a standards-based service, it allows identity information to be shared securely between trusted business partners (federated partners) across an extranet. Put simply, AD FS saves users from remembering multiple sets of credentials and from repeating the same authentication steps to sign on to the same cloud solution.
Prerequisites
- Administrator level access to EZOfficeInventory.
- An Active Directory instance where all of your users under your account in EZOfficeInventory have an account, with exactly the same email address. We don’t create user accounts under SSO.
- A server running Microsoft Server 2012 or 2008.
- An SSL certificate to sign your ADFS login page and the fingerprint for that certificate.
- Before you begin, sign in to your EZOfficeInventory account twice: once in a regular browser window and once in an incognito window. This ensures that you remain signed in in one window if you get locked out of your account in the other.
Configuration Installation Guide
Click the image below to view our installation guide about how to configure EZOfficeInventory and Microsoft AD FS 2.0 for SSO.
Troubleshooting
Users cannot log in
In order for ADFS to pass a login through for authentication, a user’s email address must be present in the “E-mail” field of the General tab in their AD profile.
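The check below is an added example, not part of the original article or of EZOfficeInventory's tooling. It tests the two conditions described above: every EZOfficeInventory user has an AD account with exactly the same email address, and that address is stored in the "E-mail" field (the AD `mail` attribute). The function name, the sample users and the list of application emails are constructed for illustration, and treating a case or whitespace difference as a mismatch is a conservative assumption.

```powershell
# Added example: pre-flight check of AD "E-mail" values before enabling SSO.
function Test-SsoEmailMatch {
    param(
        [string[]]$AppEmails,   # login emails of the users in the EZOfficeInventory account
        [object[]]$AdUsers      # objects exposing SamAccountName, mail and Enabled
    )
    foreach ($email in $AppEmails) {
        # Exact, case-sensitive comparison against the AD mail attribute
        $match = $AdUsers | Where-Object { $_.mail -ceq $email } | Select-Object -First 1
        if ($match) {
            $status = if ($match.Enabled) { 'OK' } else { 'AD account disabled' }
        } else {
            # Near miss: same address apart from letter case or stray whitespace
            $match = $AdUsers |
                Where-Object { $_.mail -and $_.mail.Trim() -ieq $email.Trim() } |
                Select-Object -First 1
            $status = if ($match) { 'Not an exact match (case or whitespace)' }
                      else { 'No AD user with this E-mail value' }
        }
        $sam = if ($match) { $match.SamAccountName } else { $null }
        [pscustomobject]@{ Email = $email; SamAccountName = $sam; Status = $status }
    }
    # Accounts whose E-mail field is empty can never be matched at login
    foreach ($u in $AdUsers) {
        if ([string]::IsNullOrWhiteSpace($u.mail)) {
            [pscustomobject]@{ Email = $null; SamAccountName = $u.SamAccountName
                               Status = 'E-mail field empty in AD' }
        }
    }
}

# Constructed sample data so the check runs without a domain controller.
$adUsers = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; mail = 'alice.smith@example.com'; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'bjones'; mail = 'Bob.Jones@example.com';   Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'cwu';    mail = $null;                     Enabled = $true }
)
$appEmails = 'alice.smith@example.com', 'bob.jones@example.com', 'carol.wu@example.com'

# On a domain-joined host with the ActiveDirectory module, use real data instead:
#   $adUsers = Get-ADUser -Filter * -Properties mail
Test-SsoEmailMatch -AppEmails $appEmails -AdUsers $adUsers | Format-Table -AutoSize
```

Against a real directory, the "E-mail field empty in AD" rows will also include service accounts; only the rows for people who need to sign in to EZOfficeInventory require action.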
For more troubleshooting queries, please contact support@ezo.io.
Have queries or feedback for us?
If you have any comments or questions regarding SSO integrations, drop us an email at support@ezo.io.