Set up an WS Federation connection
Single Sign-On is only available for enterprise customers. Also, please note that the WS Federation protocol doesn't support the identity provider flow.
1. WS Federation protocol
- Open the ADFS Management Console.
- Click Add Relying Party Trust.
- Click Start.
- Select Enter data about the relying party manually and click Next.
- Enter a name (such as YOUR_APP_NAME) and click Next.
- Use the default (ADFS 2.0 profile) and click Next.
- Use the default (no encryption certificate) and click Next.
- Check Enable support for the WS-Federation... and enter the following value in the textbox: https://onemedia-consulting.eu.auth0.com/login/callback
- Click Next.
- Add a Relying Party Trust identifier with the following value: urn:auth0:onemedia-consulting
- Click Add and then Next.
- Leave the default Permit all users... and click Next.
- Click Next and then Close.
- In the Claim Rules window, click Add Rule...
- Leave the default Send LDAP Attributes as Claims.
- Give the rule a name that describes what it does.
- Select the following mappings under Mapping of LDAP attributes to outgoing claim types and click Finish.
|LDAP Attribute||Outgoing Claim|
|Email Address||E-Mail Address|
2. Set up the connection in OneInsight
After creating the relying party trust in ADFS, you can finalize the set up by creating a new WS Federation connection in OneInsight. This task can be performed using OneInsight's admin interface or via OneInsight Support. Enter the following information:
- ADFS URL: URL to the ADFS federation metadata, e.g. https://ADFS.URL/FederationMetadata/2007-06/FederationMetadata.xml
- Email Domains: These will be used to check for SSO connections at https://app.oneinsight.io/login (service provider initiated flow). The email domains that you can set in the admin interface is limited to the email domain of the currently logged in user. If you need additional email domains please contact support.