Documentation forSolarWinds Service Desk

ADFS SSO configuration

On this page

Introduction

To configure ADFS 3.0 SSO with your SolarWinds Service Desk account you will need to access both the ADFS Management Console and the SolarWinds Service Desk (SWSD) application.

Navigation

Setup > Account > Single Sign-On.

Instructions

The instructions below cover all aspects of the configuration process:

Step 1 - ADFS 3.0 Management Console

  1. Login to the ADFS Management Console.
  2. Navigate to the Actions menu and select the wizard Add Relying Party Trust.
  3. Click Start.
  4. Enter the Metadata URL for your SWSD instance, and click Next.

    Example: https://<accountname>.samanage.com/saml/metadata

    To copy the URL from your SWSD account:
    1. Navigate to Setup > Account > Single Sign-On.
    2. Select Enable Single Sign-On with SAML and copy the link in the Login URL.

  5. Enter a name and description for the relying party.

  6. Skip the multi-factor authentication.

  7. Permit all users to access this relying party.

  8. Click Next.

  9. Click Close.

  10. In the Edit claim rules window, click Add Rule, and then follow the steps in the wizard.

    • Select Send LDAP Attributes as Claims for the rule template and click Next.

    • Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click Finish.

  11. Add a second rule; however, this time select the rule template Transform an Incoming Claim and click Next.

    • Set a rule name and set the following parameters:

      • Incoming claim type: AD FS 1.x E-Mail Address

      • Outgoing claim type: Name ID

      • Outgoing name ID format: Email

    • Select Pass through all claim values.

  12. Click Finish.

  13. Click OK to confirm changes.

You can now login to SWSD.

Step 2 - SolarWinds Service Desk

  1. Navigate to Setup > Account > Single Sign-On.
  2. Complete all fields
    • ADSF URL
    • Logout URL
    • Error URL
    • ADFS identifier
    • Identity Provider X 509 Certificate. (This is the Token-Signing Certificate from ADFS exported in Base 64-encoded X.509 [.CER].)

Step 3 - Just In-Time Provisioning

If you select Just In-Time Provisioning Support, click to check the Create users if they do not exist option to create SSO authenticated users in SWSD.

Related topics

Single sign-on