Workpath supports single sign-on (SSO) logins through SAML 2.0. A SAML 2.0 identity provider (IDP) can take many forms, one of which is a self-hosted Active Directory Federation Services (ADFS) server. ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials.
Configuration of Workpath
- Please provide your Workpath Account Manager with the federation metadata of your AD FS installation. The metadata can usually be accessed from a "/FederationMetadata/2007-06/FederationMetadata.xml" endpoint on your AD FS server, e.g. "https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml".
- Your Workpath Account Manager will then configure the account on Workpath's side accordingly. Proceed to configure the Relying Party Trust in AD FS.
Add a Relying Party Trust
- Download the SP metadata for Workpath from the URL provided by your Workpath Account Manager. It follows this format: https://api.workpath.com/v1/saml/metadata/account-subdomain (where account-subdomain is your company name e.g. contoso).
- Open Server Manager. Click Tools on the top right, then select AD FS Management from the menu.
- Add a Relying Party Trust by right-clicking Relying Party Trusts and selecting Add Relying Party Trust....
- Click Start on the bottom right of the Welcome Screen.
- Select Import data about the relying party from a file, click Browse... and select the downloaded metadata file (you might have to allow "All Files (*.*)" in the open file dialog) and click Next.
- Use "Workpath" as "Display name" and click Next.
- Select Permit everyone from the Access Control Policy list, then click Next.
- On the Ready to Add Trust screen, click Next.
- On the Finish screen, click on Close.
Create Claim Rules
Once the Relying Party Trust has been created, proceed by configuring the required claims.
- Right-click on Workpath, then select Edit Claim Issuance Policy....
- Click on Add Rule.
- Select Send LDAP Attributes as Claims, click Next.
- Name the rule "Get Attributes", select "Active Directory" as Attribute store and configure the following mapping:

  LDAP Attribute       Outgoing Claim Type
  E-Mail-Addresses     E-Mail Address
  Given-Name           first_name
  Surname              last_name

  Click on Finish.
- Click on Add Rule....
- Click the dropdown below Claim rule template and select Transform an Incoming Claim, then click Next >.
- Name the rule "Transform", select E-Mail Address as incoming claim type, Name ID as outgoing claim type and Email as outgoing name ID format. Click Finish.
- Finish Claim Issuance Policy configuration by clicking OK.
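The two procedures above (adding the Relying Party Trust and creating the claim rules) can also be done from a PowerShell prompt on the AD FS server. This is an added example, not part of the original Workpath guide; it assumes Windows Server 2016 or later (for the access control policy parameter) and uses "contoso" as a placeholder account subdomain.

```powershell
# Added example (not from the Workpath guide): the same Relying Party Trust and
# claim rules as the GUI steps, created with the AD FS PowerShell cmdlets.
# Assumptions: Windows Server 2016+ and the placeholder subdomain "contoso".
Import-Module ADFS

$spMetadataUrl = 'https://api.workpath.com/v1/saml/metadata/contoso'

# Rule 1 ("Send LDAP Attributes as Claims"): E-Mail-Addresses (mail),
# Given-Name (givenName) and Surname (sn) from the Active Directory store.
# Rule 2 ("Transform an Incoming Claim"): E-Mail Address -> Name ID, format Email.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "first_name", "last_name"), query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Transform"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 1: import the trust from Workpath's SP metadata (equivalent of
# "Import data about the relying party from a file" with display name "Workpath").
Add-AdfsRelyingPartyTrust -Name 'Workpath' -MetadataUrl $spMetadataUrl

# Step 2: apply the "Permit everyone" access control policy and attach the
# two claim issuance rules defined above.
Set-AdfsRelyingPartyTrust -TargetName 'Workpath' `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $issuanceRules

# Check what the metadata import produced before testing the login: the
# Identifier (SP entity ID) should match the one in Workpath's metadata file.
Get-AdfsRelyingPartyTrust -Name 'Workpath' |
    Select-Object Name, Identifier, AccessControlPolicyName
```

Run this in an elevated PowerShell session on the AD FS server; the metadata URL must be reachable from that server, otherwise download the file and use -MetadataFile instead.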
Testing Single Sign-On
Once the configuration is completed in AD FS and Workpath, it is time to test the single sign-on.
- Open the login page of your Workpath account (https://{account-subdomain}.workpath.com) and click on the Login Button.
- Enter your Active Directory credentials, if you are not logged in yet.
- Hurray! You are now logged in to Workpath with your Active Directory account.