This article provides all instructions to configure your Active Directory server as well as your Enterprise Account in order to enable the SSO functionality using WS-Fed / WS-Trust.
Supports & Requirements
Active Directory Server
It is still necessary to create user accounts in your Enterprise Account once the SSO functionality is enabled.
For more information, see: User Accounts in SSO Context.
For all details about client integrations supported when configuring SSO with WS-Fed / WS-Trust – and additional configurations that may be required, see: Supported Client Integrations & Restrictions.
AD Server Configuration
- Setup the AD FS role on your AD Server, according to Microsoft’s instructions.
Configure a Relying Party Trust using the AD FS Management
Go to Trust Relationships and add a Relying Party Trust with the following minimum required properties (follow the wizard):
Select Data Source Select Enter data about the relying party manually Choose Profile Select AD FS Profile Configure URL Select Enable support for the WS-Federation Passive Protocol Provide the Relying party WS-Federation Passive protocol URL:
https://login.[xmedius_domain]Note: Use the [xmedius_domain] that corresponds to the region of your enterprise account (i.e. xmedius.com for USA, xmedius.ca for Canada or xmedius.eu for Europe).
Choose Issuance Authorization Rules Select Permit all users to access this relying partyTip: Before finishing, select Open the Edit Claim Rules dialog... to directly step on the next required configuration.
Add a Claim Rule to the Relying Trust Party you just created:
In Edit Claim Rules, Issuance Transform Rules tab, add a rule with the following minimum required properties (follow the wizard):
AD FS Values Required for Further Configuration
You need to get some values from your AD FS in order to use them while configuring your XMedius Enterprise Account for SSO.
Enterprise Account Configuration
- Login to your XMedius Cloud account using a Web browser.
Important: Keep the fail-safe URL (https://login.[domain]/[account]/no-sso) provided at the bottom of the SSO configuration section, it will allow you to log in using your XMedius Cloud account credentials if you lock yourself after SSO activation.
- From the main menu of your Web Portal, select .
- Go to Single Sign-On section and select WS-Fed / WS-Trust.
- Provide the following required information: