ADFS SSO configuration and user provisioning
On this page
To configure ADFS 3.0 SSO with your SolarWinds Service Desk account you will need to access both the ADFS Management Console and the SolarWinds Service Desk (SWSD) application.
You can simultaneously connect ADFS and Google.
|ITSM customers||ESM customers|
|Setup > Account > Single Sign-On||Organization > Setup > Account > Single Sign-On|
The instructions below cover all aspects of the configuration process:
- Log in to the ADFS Management Console.
- Navigate to the Actions menu and select the wizard Add Relying Party Trust.
- Click Start.
- Enter the Metadata URL for your SWSD instance, and then click Next.
To copy the URL from your account:
Navigate to Setup > Account > Single Sign-On.
Select Enable Single Sign-On with SAML and copy the link in the Login URL.
Enter a name and description for the relying party.
Skip the multi-factor authentication.
Permit all users to access this relying party.
In the Edit claim rules window, click Add Rule, and then follow the steps in the wizard.
Select Send LDAP Attributes as Claims for the rule template and click Next.
Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click Finish.
Add a second rule; however, this time select the rule template Transform an Incoming Claim and click Next.
Set a rule name and set the following parameters:
Incoming claim type: ADFS 1.x E-Mail Address
Outgoing claim type: Name ID
Outgoing name ID format: Email
Select Pass through all claim values.
- Click OK to confirm changes.
ESM customers need to edit all domain/account name references to redirect SSO to the organization level. For example:
You can now log in to SWSD.
- Navigate to Setup > Account > Single Sign-On.
- Complete all fields
- AD SF URL
- Logout URL
- Error URL
- ADFS identifier
- Identity Provider X 509 Certificate. (This is the Token-Signing Certificate from ADFS exported in Base 64-encoded X.509 [.CER].)
If you select Just In-Time Provisioning Support, click to check the Create users if they do not exist option to create SSO authenticated users in SWSD.