You are here: Administration > System Configuration > Security > Configure Single Sign-on in ADFS 2.0

Configure Single Sign-on in ADFS 2.0

Active Directory Federation Services (ADFS) 2.0 is used to integrate windows login credentials with the Single Sign-on(SSO) feature in Project Insight. The configuration of ADFS 2.0 should be performed by an experienced Windows Server administrator in accordance with instructions provided by Microsoft. Microsoft TechNet is the best online resource for the latest and most accurate information on ADFS 2.0. Instructions within this topic are intended as an example of ADFS 2.0 SSO configuration as it relates to settings specifically within the Project Insight as a ADFS Resource Partner.

Open the ADFS Configuration Manager. If the ADFS Configuration Manager is not available you will need to download, install, and configure ADFS 2.0 from Microsoft [http://www.microsoft.com/en-us/download/details.aspx?id=10909]. Once installed you will need to configure your ADFS, once configured you need to add Project Insight to the Relying Party Trusts. Doing so is extremely easy.

Right Click on Relying Party Trust and click “Add Relying Party Trust”

The “Add Relying Party Trust Wizard” appears. Click Start to get to the following Select Data Source options.

In the “Select Data Source” section make sure “Import Data about the Relying Party published online or on a local network” is selected and enter the following, replaying [myPI] with the appropriate domain name: https://[myPI].projectinsight.net/FederationMetadata/2007-06/FederationMetadata.xml.

Click Next. ADFS will set a display name, but you can change this to something more meaningful to your organization if you desire. Once Done with the display name click Next.

In the “Choose Issuance Authorization Rules” select “Permit all users to access this relying party” option.

In the “Ready to Add Trust” verify the information and click next.

You will see two additional confirmation pages to finish.