Configuring ADFS 3.0 as the Identity Provider

Configuring ADFS 3.0 as the Identity Provider


Role Required: SDAdmin
 
Before you start the configuration process, make sure that the AssetExplorer application is running in the HTTPS mode.

Then, configure AssetExplorer as a Relying Party Trust (RPT). This can be done either manually or using the metadata file.

Configuring the Relying Party Trust Manually     

  1. Open the ADFS management application.
  2. Right-click Relying Party trust and choose Add Relying Party Trust option. The Add Relying Party Trust Wizard opens.

  1. Choose Claims Aware and click Next.

  1. Choose Enter data about the relying party manually and click Next.

  1. Provide a Display Name and add Notes if any.
  2. Click Next.

  1. The next window is to upload the encryption certificate. You can skip this step as AssetExplorer does not support encryption of the SAML responses.
  2. Click Next.

  1. Select Enable support for SAML 2.0 Web SSO portal checkbox.
  2. Enter the Assertion Consumer URL of AssetExplorer in the Relying Party SAML 2.0 SSO Service URL field.
  3. Click Next.

  1. In Relying Party Trust identifier, enter the Entity ID of AssetExplorer and click Add.
  2. Click Next.

  1. Choose Access Control Policy from the list and click Next.

  1. Click Next.

  1. Click Close. The Edit Claim Insurance Policy for AE window opens.
  1. Minimize the window and double-click Relying Party Trust to open its properties.
  2. In the Signature tab, add the certificate file downloaded from AssetExplorer by clicking the Add button.

  1. In the Endpoints tab, click Add SAML and choose the Endpoint Type as SAML Logout.
  2. Enter the Single Logout Service URL of AssetExplorer in the Trusted URL and Response URL fields.
  3. Click OK.




  1. Under the Advanced tab, choose the Algorithm used in AssetExplorer from the drop-down.
  2. Click Apply.



Configuring Relying Party Trust using the Metadata File     

  1. Open the ADFS management application.
  2. Right-click Relying Party trust and choose Add Relying Party Trust option. The Add Relying Party Trust Wizard opens.

  1. Choose Claims Aware and click Next.

  1. Choose Import data about the relying party from a file.
  2. Click Browse and upload the SP metadata file.
  3. Click Next.

  1. Provide a Display Name for the RPT and click Next.

  1. Choose Access Control Policy and click Next.

  1. Click Next.

  1. Click Close to complete the configuration.

  1. After configuring AssetExplorer as a Relying Port Trust, the Edit Claim Insurance Policy for AE window opens.
  2. Click Add Rule.

  1. In the Claim Rule template drop-down, choose Transform an Incoming Claim option and click Next.

  1. Provide a Claim Rule Name.
  2. Choose Windows Account Name as the Incoming claim type, Name ID for Outgoing claim type, and Transient Identifier for Outgoing Name ID format. Currently, AssetExplorer supports Transient, Persistent, and Email Address as Name ID formats.
    1. To log in using your username and domain, select Transient or Persistent.
    2. To log in using your email address, select Email Address.
  3. Click Finish.


Download the IdP Certificate   

  1. To download the IdP Certificate, go to Services > Certificates and click the Token-signing certificate.

  1. Under the Details tab, click Copy to File option. The Certificate Export Wizard opens.

  1. Choose DER encoded binary X.509 (.CER) and click Next.

  1. Enter the location to save the file and provide the file name at the end of the URL.
  2. Click Next. You must upload this certificate in AssetExplorer application to complete the integration. The login and logout URLs for ADFS 3.0 are as follows:
    Login URL: https://yourdomainname/adfs/ls
    Logout URL: https://yourdomainname/adfs/ls?SingleSignOut=SingleSignOut

  1. Click Finish.


You have now configured AssetExplorer as a service provider in ADFS 3.0.

Go to the SAML configuration page in AssetExplorer and provide the IdP details to complete the integration.


    • Related Articles

    • Configuring G Suite as the Identity Provider

      Role Required: SDAdmin Log in to Google Workspace. Go to Apps > Web and mobile apps. Click Add app > Add custom SAML app. Provide the App name and Description. Upload the App icon and click Continue. On the displayed page, download the certificate ...

    • Configuring OneLogin as Identity Provider

      Role Required: SDAdmin Log in your OneLogin domain and click Applications under the Applications tab. In the displayed page, click Add App. Search for SAML from the search box and select SAML Test Connector (Advanced) from the search results. Provide ...

    • Configuring Okta as the Identity Provider

      Role Required: SDAdmin Log in to your Okta domain. Go to the Applications > Add Application. Click Create New App. From the displayed dialog box, choose SAML 2.0 as the sign-on method. Click Create. In the next window, provide a Name for your ...

    • Configuring SAML in AssetExplorer

      Role Required: SDAdmin Go to Admin > Organizational Details > SAML Single Sign-On. In the configurations tab, you will find two sections: Service Provider Details and Configure Identity Provider Details. Service Provider Details Under the Service ...

    • Configure Azure as the Identity Provider

      Role Required: SDAdmin Follow the steps below to configure AssetExplorer as a service provider in Azure. Before configuring, ensure that the AssetExplorer runs in HTTPS mode. Log in to your Azure domain. Under Azure Services, click Enterprise ...