Configuring Active Directory with AD FS and SAML for Brainloop Secure Dataroom Setup Guide

Content

1 Introduction

2 Add Relying Party Trust

3 Create Claim Rules

4 Add SAML Logout


1 Introduction

This setup guide is intended for system administrators configuring Active Directory with AD FS (Active Directory Federation Services) and SAML for use with Brainloop Secure Dataroom.

For information on setting up SAML authentication in Brainloop Secure Dataroom, please refer to our SAML setup and user guide “Configuring SAML Authentication for Brainloop Secure Dataroom”.

2 Add Relying Party Trust

1. Start AD FS Management.

2. Select the Relying Party Trusts folder in AD FS Management.

3. Add a new Standard Relying Party Trust from the Actions sidebar. This starts the configuration wizard for a new trust.

4. In the Welcome screen, click Start.


6. In the Specify Display Name screen, enter a Display name that you will recognize later and any notes you want to keep, then click Next.


7. In the Choose Profile screen, select the AD FS profile option and click Next.


9. In the Configure URL screen, select the Enable support for the SAML 2.0 WebSSO protocol option. As the service URL, enter https://my.brainloop.net/newlogin/saml.aspx (replacing “my.brainloop.net” with your server domain where applicable) and click Next.

10. In the Configure Identifiers screen, in the Relying party trust identifier field, enter


11. In the Configure Multi-factor Authentication Now screen, select the I do not want to configure multi-factor authentication settings for this relying party trust at this time option and click Next.

12. In the Choose Issuance Authorization Rules screen, select the Permit all users to access this relying party option and click Next.


13. In the Ready to Add Trust screen, an overview of your settings is displayed. Click Next.


3 Create Claim Rules

1. Once you have completed all the steps described in the previous chapter, the Edit Claim Rules editor is displayed:

2. Click Add Rule.


4. In the Configure Claim Rule screen, enter a Claim rule name and select Active Directory as your Attribute store.

5. Next, make the following settings:

- In the LDAP Attribute column, select E-Mail Addresses.

- In the Outgoing Claim Type column, select E-Mail Address.

6. Click Finish.

7. Now, create another new rule by clicking Add Rule, this time selecting Transform an Incoming Claim as the template.


8. In the Configure Claim Rule screen, enter a Claim rule name and make the following settings:

- Incoming claim type: select E-Mail Address

- Outgoing claim type: select Name ID

- Outgoing name ID format: select Email

- Leave the default rule Pass through all claim values enabled.

9. Click Finish.


4 Add SAML Logout

1. From the Actions sidebar or from the context menu on the created Relying Party Trust, select Properties.


3. Make the following settings:

- Endpoint type: select SAML Logout

- Binding: select POST

- Trusted URL: type https://my.brainloop.com/newlogin/SingleSingOut.aspx

4. Click OK.

5. Confirm your changes by clicking OK in the properties dialog.

IMPORTANT: To be able to log in with SAML, an e-mail address must be defined for each user, because the claim rules above derive the Name ID from the E-Mail Addresses attribute.
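The GUI steps of chapters 2 to 4, scripted with the AD FS PowerShell cmdlets as an added example that is not part of the Brainloop guide. It uses the URLs as printed in the guide; the relying party trust identifier is missing from this page, so $RelyingPartyId is a placeholder you must replace, and the final Get-ADUser check assumes the ActiveDirectory module is installed.

```powershell
Import-Module ADFS

$BrainloopHost  = 'my.brainloop.net'                        # from the guide; replace with your server domain
$RelyingPartyId = 'REPLACE-WITH-RELYING-PARTY-IDENTIFIER'   # placeholder: the identifier is not given on this page
$DisplayName    = 'Brainloop Secure Dataroom'

# Chapter 2, step 9: SAML 2.0 WebSSO service URL (assertion consumer endpoint, POST binding)
$ssoEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
    -Uri "https://$BrainloopHost/newlogin/saml.aspx" -Index 0

# Chapter 4, step 3: SAML Logout endpoint, POST binding. Path copied as printed in the guide
# (SingleSingOut.aspx, on my.brainloop.com there); confirm the exact logout URL with Brainloop.
$sloEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLLogout `
    -Uri "https://$BrainloopHost/newlogin/SingleSingOut.aspx"

# Chapter 3, steps 4-6: LDAP rule, Active Directory "mail" attribute -> E-Mail Address claim
# Chapter 3, steps 7-9: transform E-Mail Address -> Name ID in the Email format (pass-through values)
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Chapter 2, step 12: "Permit all users to access this relying party" (narrow to a group if your policy requires)
$authorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $DisplayName -Identifier $RelyingPartyId `
    -SamlEndpoint @($ssoEndpoint, $sloEndpoint) `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules `
    -Notes 'Created for Brainloop Secure Dataroom (see setup guide)'

# Verify the trust and its two SAML endpoints
Get-AdfsRelyingPartyTrust -Name $DisplayName | Select-Object Name, Identifier, SamlEndpoints

# The guide's IMPORTANT note: users without a mail attribute get no Name ID and cannot log in.
# List enabled accounts that still lack one (requires the ActiveDirectory module).
Get-ADUser -Filter 'Enabled -eq $true -and -not (mail -like "*")' -Properties mail | Select-Object SamAccountName
```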


5 Appendix: Document revision history

Version Date of change Revision
