If your company already uses AD FS, you can use it as the IdP to protect your StatusHub control panel. To set up this protection with ADFS, follow the steps below.
1. Go to account settings and select the "SAML" section.
2. Copy the "SSO URL" value and keep this tab open, as you will need it in a moment.
3. Navigate to ADFS settings and create a Relying Party Trust.
4. Select the "Claims aware" option.
5. Select "Enter data about the relying party manually".
6. Set a name.
7. Skip the token encryption certificate setting.
8. Enable support for SAML 2.0 and paste in the "SSO URL" from StatusHub as the "Relying party SAML 2.0 SSO service URL".
9. Use the "SSO URL" as the "Relying party trust identifier" and add it.
10. Follow through the rest of the wizard steps.
11. Now you need to set up claims to pass the user's email to StatusHub.
12. Use "Edit Claim Issuance Policy" for the newly created "Relying Party Trust".
13. Add a rule.
14. Use "Send LDAP Attributes as Claims".
15. Set a name for the rule, then set "E-Mail-Address" as the "LDAP Attribute" and "Name ID" as the "Outgoing Claim Type".
16. Finish creating the claim.
17. Make sure that all your relevant users have the E-Mail address field filled in in Active Directory.
18. In the ADFS console, navigate to "Service" -> "Endpoints" and search for "Federation Metadata" in the "Metadata" section.
19. Use this link to obtain the metadata XML. If your ADFS installation is configured as sts.example.com, then the URL will be https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml
20. Copy the content of this metadata and navigate to the StatusHub tab where you got the "SSO URL" earlier.
21. Paste the metadata XML in the "SAML 2.0 IdP metadata in XML format" field and enable SAML.
22. Save changes.
From this moment, anyone who wants to access your StatusHub account will have to be authorized by your ADFS installation.
The "Sign-in URL" will need to be used to access your control panel, and users will be asked to sign in with their ADFS details.
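
The same configuration scripted with the AD FS and Active Directory PowerShell modules, as an added example that is not StatusHub's own code. It assumes AD FS 2016 or later and a session on the primary AD FS server; the SSO URL placeholder, the trust and rule names, and the "Permit everyone" access control policy (the steps above do not say which policy to pick in the wizard) are assumptions.

```powershell
# Added example. Placeholder values below are assumptions, not real endpoints.
$ssoUrl   = 'https://STATUSHUB-SSO-URL-PLACEHOLDER'  # "SSO URL" copied in step 2
$rpName   = 'StatusHub control panel'                # step 6: any display name
$adfsFqdn = 'sts.example.com'                        # host name from step 19

# Steps 8-9: SAML 2.0 assertion consumer endpoint (POST binding) on the SSO URL.
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $ssoUrl

# Steps 12-16: "Send LDAP Attributes as Claims", mail attribute -> Name ID.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail;{0}", param = c.Value);
'@

# Steps 3-10: create the claims-aware relying party trust.
# 'Permit everyone' is an assumed policy; pick a narrower built-in policy
# if only some groups should reach the control panel.
Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $ssoUrl `
    -SamlEndpoint $endpoint `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Confirm what was stored before moving on.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName

# Step 17: list enabled accounts with no mail attribute. These users would get
# no Name ID claim. Add -SearchBase to limit the query to the relevant OU.
Import-Module ActiveDirectory
$missing = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail |
    Where-Object { [string]::IsNullOrWhiteSpace($_.mail) }
if ($missing) {
    Write-Warning "$(@($missing).Count) enabled account(s) have no E-Mail address:"
    $missing | Select-Object SamAccountName, DistinguishedName
}

# Steps 18-19: download the federation metadata and check that it parses
# and names the expected federation service before pasting it into StatusHub.
$metadataUrl = "https://$adfsFqdn/FederationMetadata/2007-06/FederationMetadata.xml"
Invoke-WebRequest -Uri $metadataUrl -OutFile .\FederationMetadata.xml -UseBasicParsing
[xml]$md = Get-Content .\FederationMetadata.xml -Raw
"entityID in metadata: $($md.EntityDescriptor.entityID)"
```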