Configure AD FS for Single Sign On

Instead of each of your users having to remember another username and password to access the Data8 website, you can use Azure AD, your corporate AD FS server or another STS that supports WS-Federation to manage access.

This allows users to access the website securely without having to enter another username and password, and also gives you a single point of management (your internal user directory) to ensure that user accounts are disabled as required. Once a user is disabled in your directory they won't be able to log on to the Data8 website.

If you are using Azure AD there is no additional configuration for you to do. Just click the "Connect" button on the Federated Authentication Configuration page to get started.

If you are using AD FS you will need to first set up a Relying Party Trust on your AD FS server to allow it to issue tokens for the Data8 website.

  1. Within AD FS Management, navigate to Trust Relationships > Relying Party Trusts and click "Add Relying Party Trust..."
  2. Click Next, then enter the address https://www.data-8.co.uk in the Federation metadata address box. Click Next.
  3. Enter a display name such as "Data8 Website" and click Next.
  4. Leave "Permit all users to access this relying party" selected and click Next. This will allow AD FS to issue tokens for any user, but you will still control individual users' access rights via the Data8 website.
  5. Click Next again, then Close.
  6. In the "Edit Claim Rules" dialog that appears, click "Add Rule..."
  7. Leave "Send LDAP Attributes as Claims" selected and click Next.
  8. Give the rule a name such as "UPN"
  9. Select the "Active Directory" attribute store
  10. Select "User-Principal-Name" as the LDAP Attribute and "UPN" as the Outgoing Claim Type.
  11. Click Finish, then OK
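
The same steps can be scripted with the AD FS PowerShell module, which makes the trust repeatable and easy to review. This is an added example, not a Data8-supplied script; it assumes the rule-based authorization model shown in the wizard steps above, and the claim rule text is what the wizard's "Permit all users" and "Send LDAP Attributes as Claims" templates generate.

```powershell
# Added example: scripts steps 1-11 above. Run in an elevated PowerShell
# session on the primary AD FS server.
Import-Module ADFS

$name        = 'Data8 Website'             # display name from step 3
$metadataUrl = 'https://www.data-8.co.uk'  # federation metadata address from step 2
$upnClaim    = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'

# Step 4: "Permit all users to access this relying party".
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 6-11: "Send LDAP Attributes as Claims", User-Principal-Name -> UPN.
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$upnClaim"), query = ";userPrincipalName;{0}", param = c.Value);
"@

# Refuse to create a duplicate trust with the same display name.
if (Get-AdfsRelyingPartyTrust -Name $name) {
    throw "A relying party trust named '$name' already exists."
}

Add-AdfsRelyingPartyTrust -Name $name -MetadataUrl $metadataUrl `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Review what was created: the identifiers imported from the metadata,
# whether the trust is enabled, and whether AD FS will keep following
# the metadata URL for changes.
$rp = Get-AdfsRelyingPartyTrust -Name $name
$rp | Format-List Name, Identifier, Enabled, MonitoringEnabled, AutoUpdateEnabled

# Confirm the UPN rule is present, then print the full rule set so any
# additional claims released to the relying party are visible.
if ($rp.IssuanceTransformRules -notmatch [regex]::Escape($upnClaim)) {
    Write-Warning 'UPN claim rule not found on the relying party trust.'
}
$rp.IssuanceTransformRules
```

The final output is worth keeping with your change record: it shows exactly which claims leave your directory for this relying party.
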

AD FS is now configured. Next, set up the Data8 website to trust the tokens issued by AD FS: go to the Federated Authentication Configuration page, enter the federation metadata URL of your AD FS server and click Update. This URL will be of the form https://sts.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml, replacing sts.contoso.com with the full domain name of your AD FS server.