Documentation forSolarWinds Service Desk

ADFS SSO configuration and user provisioning

On this page

Introduction

To configure ADFS 3.0 SSO with your SolarWinds Service Desk account you will need to access both the ADFS Management Console and the SolarWinds Service Desk (SWSD) application.

You can simultaneously connect ADFS and Google.

Navigation

ITSM customers ESM customers
Setup > Account > Single Sign-On Organization > Setup > Account > Single Sign-On

Instructions

The instructions below cover all aspects of the configuration process:

Step 1 - ADFS 3.0 Management Console

  1. Log in to the ADFS Management Console.
  2. Navigate to the Actions menu and select the wizard Add Relying Party Trust.
  3. Click Start.
  4. Enter the Metadata URL for your SWSD instance, and then click Next.

    Example: https://<accountname>.samanage.com/saml/metadata

    To copy the URL from your account:

    1. Navigate to Setup > Account > Single Sign-On.

    2. Select Enable Single Sign-On with SAML and copy the link in the Login URL.

  5. ESM customers need to edit all domain/account name references to redirect SSO to the organization level. For example:

    https://org-ACCOUNTNAME.samanage.com/saml/metadata
    or
    https://org.[DOMAINNAME]/saml/metadata

  6. Enter a name and description for the relying party.

  7. Skip the multi-factor authentication.

  8. Permit all users to access this relying party.

  9. Click Next.

  10. Click Close.

  11. In the Edit claim rules window, click Add Rule, and then follow the steps in the wizard.

    • Select Send LDAP Attributes as Claims for the rule template and click Next.

    • Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click Finish.

  12. Add a second rule; however, this time select the rule template Transform an Incoming Claim and click Next.

    • Set a rule name and set the following parameters:

      • Incoming claim type: ADFS 1.x E-Mail Address

      • Outgoing claim type: Name ID

      • Outgoing name ID format: Email

    • Select Pass through all claim values.

  13. Click Finish.

  14. Click OK to confirm changes.

You can now log in to SWSD.

Step 2 - SolarWinds Service Desk

  1. Navigate to Setup > Account > Single Sign-On.
  2. Complete all fields
    • AD SF URL
    • Logout URL
    • Error URL
    • ADFS identifier
    • Identity Provider X 509 Certificate. (This is the Token-Signing Certificate from ADFS exported in Base 64-encoded X.509 [.CER].)

Step 3 - Just In-Time user provisioning

If you select Just In-Time Provisioning Support, click to check the Create users if they do not exist option to create SSO authenticated users in SWSD.

After users are provisioned, you must maintain the user account records through SWSD. Any updates made in ADFS will not automatically populate in SWSD.

Related topics

Single sign-on