
Setup Single Sign-On for Active Directory and VisibleThread Docs on-prem

 

This article provides the specifics for setting up VT Docs inside your Active Directory Federation Services (ADFS). It covers the details needed to complete Step 2, "Setup VT Docs (as a Service Provider) in your Identity Provider", in Getting Started with Single Sign-On (SSO).

Prerequisites

If your end-users are using Internet Explorer, we require ADFS forms-based authentication to be enabled. This is because VisibleThread does not support Windows Integrated Authentication (WIA).

Before starting the steps below, you must download the VT Docs metadata file:

  • log in to the VT Docs sandboxAdmin app - go to https://<your-on-prem-vt-docs-server>/sandboxAdmin
  • click on the Security Settings icon in the sidebar
  • click Single Sign-On with SAML 2.0
  • click Download MetaData
  • the downloaded metadata file is called vt_docs_saml_metadata.xml

Add new Relying Party Trust

In your AD FS Management tool select Add Relying Party Trusts... from the Actions sidebar.

1. Click Start in the configuration wizard to configure a new Relying Party Trust.

2. In Select Data Source, select the option Import data about the relying party from a file, then browse for the file vt_docs_saml_metadata.xml.

3. Enter a Display name.

4. Choose an access control policy.

5. Click Next to proceed (there are no changes required here).

6. To finish adding your relying party trust, click Close.

Edit Claim Issuance Policy

Finally, we have to configure a Claim Rule that will map the LDAP email attribute (for a user) to a SAML claim.

1. In the list of Relying Party Trusts, right click on the trust you created above and select Edit Claim Issuance Policy...

2. Click Add Rule...

3. Select Send LDAP Attributes as Claims.

4. In Configure Rule, provide a Claim rule name, e.g. "Email", and select Active Directory under Attribute store. Then click the LDAP Attribute dropdown and select E-Mail-Addresses. Then click into Outgoing Claim Type, type in the text "Name ID" and hit Finish.

5. Hit OK to complete.
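The wizard steps above can also be scripted with the AD FS PowerShell module, which makes the trust and its claim rule reviewable and repeatable. This is an added example, not VisibleThread's own tooling; the metadata path, display name and access control policy name are assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of the two wizard procedures above.
# Run in an elevated PowerShell session on the primary AD FS server
# (AD FS 2016 or later, where access control policies exist).
param(
    [string]$MetadataFile = 'C:\Temp\vt_docs_saml_metadata.xml',  # assumed download location
    [string]$DisplayName  = 'VT Docs',                            # assumed display name
    [string]$PolicyName   = 'Permit everyone'                     # assumed access control policy
)
$ErrorActionPreference = 'Stop'
Import-Module ADFS

# Fail early instead of creating a half-configured trust.
if (-not (Test-Path -LiteralPath $MetadataFile)) {
    throw "Metadata file not found: $MetadataFile"
}
if (-not (Get-AdfsAccessControlPolicy -Name $PolicyName)) {
    throw "Unknown access control policy: $PolicyName"
}
if (Get-AdfsRelyingPartyTrust -Name $DisplayName) {
    throw "A relying party trust named '$DisplayName' already exists"
}

# "Send LDAP Attributes as Claims" rule named "Email":
# E-Mail-Addresses (LDAP attribute 'mail') is issued as the Name ID claim.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# Import the VT Docs metadata, attach the policy and the claim rule in one call.
Add-AdfsRelyingPartyTrust -Name $DisplayName -MetadataFile $MetadataFile `
    -AccessControlPolicyName $PolicyName -IssuanceTransformRules $rules

# Read the trust back and confirm what was actually stored.
$rpt = Get-AdfsRelyingPartyTrust -Name $DisplayName
$rpt | Format-List Name, Identifier, Enabled, AccessControlPolicyName, SamlEndpoints
if ($rpt.IssuanceTransformRules -notmatch 'nameidentifier') {
    Write-Warning 'Name ID claim rule is missing from the trust.'
}
```

A user whose mail attribute is empty in Active Directory receives no Name ID claim from this rule, so confirm the attribute is populated for the accounts that will sign in.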

Congratulations! You should now be able to resume the final step, Test and Enable SAML SSO, in Getting Started with Single Sign-On (SSO).
