Documentation forSolarWinds Service Desk

ADFS SSO Configuration

To configure ADFS 3.0 SSO with your SolarWinds Service Desk account you will need to access both ADFS Management Console and the SolarWinds Service Desk App.

The instructions below cover all aspects of the configuration process:

Step 1 - ADFS 3.0 Management Console

  1. Login to the ADFS Management Console
  2. Navigate to the Actions menu and select the wizard Add Relying Party Trust
  3. Click Start to begin
  4. Enter the URL for your organization, and click Next
    • https://yourdomain.samanage.com/saml_login/Samanage

    The URL can be copied from your SWSD Account:

    • Navigate to Setup > Account > Single Sign-On
    • Check the Enable Single Sign-On with SAML and copy the link in the Login URL
  5. Enter a name and description for the relying party

  6. Skip the multi-factor authentication

  7. Permit all users to access this relying party

  8. Click Next

  9. Click Close and the Edit claim rules window appears
  10. Click Add Rule and follow the steps in the wizard.
    • Select Send LDAP Attributes as Claims for the rule template and click Next

    • Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click finish.

    • Add a second rule however, this time select the rule template Transform an Incoming Claim and click Next

    • Set a rule name and set the following parameters:

      • Incoming claim type: AD FS 1.x E-Mail Address
      • Outgoing claim type: Name ID
      • Outgoing name ID format: Email
      • Select Pass through all claim values
  11. Click Finish
  12. Click OK to confirm changes
  13. You have completed the steps in the ADFS Management Console, now login to your SWSD

Step 2 - SolarWinds Service Desk

  1. Navigate to Setup > Account > Single Sign-On
  2. Complete the 2 required fields
    1. Identity Provider URL - This is the full ADFS server url with the SAML endpoint which is typically https://server.com/adfs/ls

    2. X 509 Certificate - This is the Token-Signing Certificate from ADFS exported in Base 64-encoded X.509 (.CER)

Step 3 - Just In-Time Provisioning

If you select Just In-Time Provisioning Support, click to check the Create users if they do not exist option to create SSO authenticated users on the SWSD.