Versions Compared

Old Version 5

changes.mady.by.user Pramuk Shyam Pathy

Saved on

compared with

New Version Current

changes.mady.by.user Chris Clark

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NOTE: Due to the number of different versions of ADFS and implementation options this guide is not definitive and you will need to ensure that the instructions below are compatible with your deployment.

On your UDM Pro tenant under Settings, ADFS SSO Settings

  1. Select enabled
  2. ADFS OAuth Endpoint URL. This should be something like https://adfs.company.com/adfs/oauth2
  3. Paste the Base64 ADFS Server certificate. The CER of your ADFS certificate.

...

Image Added

By default the ADFS Client ID is set to "udm-pro" if your implementation does not accept predefined Client ID's or it does not meet your name conventions you can change the Client ID to meet your requirements.


In ADFS.
1: Create a relying party trust called UDM Pro. In Select Data Source choose ‘Enter Data about your relaying party manually
2: Display Name: UDM Pro
3: AD FS profile (SAML 2.0)
4: No need to configure an encryption certificate (next).
5: No need to configure a URL (next).
6: Relying party trust identifier: This is your UDM Pro login URL, so https://tenant.enoten.com/login Add.
7: No need to configure multi-factor auth settings ‘I do not want to configure…’ (next).
8: Permit all users access
9: Finish, The ‘Open edit the claim rules’ checkbox should be selected.
10: Add rule, select ‘Send LDAP attributes as claims’. (nex
11: Claim rule name: LDAP Attributes.
12: Attribute store: select Active Directory
13: Under LDAP Attribute select ‘User-Principal-Name’ from the drop-down: Under Outgoing Claim Type select ‘Name ID’ from the drop-down.
Under LDAP Attribute select ‘Token-Groups - Unqualified Names’ from the drop-down. Under Outgoing Claim Type select ‘Group’ from the drop-down.

In PowerShell:
Add-AdfsClient -Name "UDM Pro" -ClientId "udm-pro" -RedirectUri "https://tenant.enoten.com/login"

For ADFS 4 you may need to use the command:

Grant-AdfsApplicationPermission -ClientRoleIdentifier "udm-pro" -ServerRoleIdentifier "https://tenant.enoten.com/login"


Return to ADFS SSO Settings in UDM Pro and click Test Connection. After a few seconds, this should return Test Successful

...