• No results found

360 Online authentication

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "360 Online authentication"

Copied!
14
0
0

Loading.... (view fulltext now)

Download now ( 14 Page )

Full text

(1)

360° Online authentication

Version October 2015

(2)

Contents

1 Introduction ... 2

2 Authentication using Office 365 ... 2

2.1 Introduction ... 2

2.2 Prerequisites ... 2

2.3 Step by step ... 3

3 Authentication using on-premise Active Directory Federation Services ... 6

3.1 Introduction ... 6

3.2 Prerequisites ... 6

3.3 Integration setup – step by step ... 7

4 Finding the WS-Federation URL ... 14

1 Introduction

Users for 360° Online are authenticated by Azure Access Control Service (ACS), which supports several authentication sources, including:

 Office 365

 on-premise Active Directory Federation Services.

This document explains how to configure ACS to work with these two authentication methods.

2 Authentication using Office 365

2.1 Introduction

The following steps are required to enable authentication of 360° Online user with Office 365:

a. Create a Windows Azure account

b. Configure 360° Online as a new application in your organisation’s Azure Active Directory

2.2 Prerequisites

The administrator account for your organisation’s Office 365 subscription.

A valid credit card for the registration of the Windows Azure account. The Azure Active Directory is a free service but registration requires a valid credit card for payment method.

(3)

2.3 Step by step

STEP 1: Verify that you have the administrator account

Open https://portal.office.com in your browser and log in. If you can see Office 365 admin center, you have the correct account information.

STEP 2: Register for a Windows Azure account

1. Open https://account.windowsazure.com/SignUp in your browser.

2. Sign in with your Office 365 administrator account.

3. Complete the registration form, enter verification code and enter your organization’s credit card information.

4. Select the Pay-As-You-Go offer and complete the registration. Once the page displays your current subscription, you can continue to the next step.

STEP 3: Add an application to Azure Active Directory

1. Open https://manage.windowsazure.com in your browser and log in with your Office 365 administrator account. The credentials for both your Office 365 subscription and your Azure Account are the same.

(4)

3. Select APPLICATIONS in the top menu.

4. Click ADD on the bottom menu and click Add an application my organization is developing in the next window.

5. Enter the name of your application - Business 360 Online or Public 360 Online– and click the right arrow to continue.

6. To establish a trust between your Office 365 authentication and Software Innovation’s authentication, enter the following URL in both fields and click the check button:

https://360online-ne.accesscontrol.windows.net/

(5)

STEP 4: Retrieve Federation Metadata Document URL

1. Click ENABLE USERS TO SIGN ON.

2. Copy the FEDERATION METADATA DOCUMENT URL and send it to Software Innovation’s Customer Success Team – [email protected].

(6)

3 Authentication using on-premise Active Directory

Federation Services

3.1 Introduction

The following steps are required to enable authentication of 360° Online users via on-premise Active Directory:

a) On-Premise deployment of Active Directory Federation Services (ADFS) to enable Active Directory federation

b) Configure on-premise ADFS with Azure Access Control Service (ACS) as a trusted relying party This document describes (b). (a) is a prerequisite, as described below.

If you need help with this setup, contact Software Innovation. Our authentication specialists will be happy to advise you.

3.2 Prerequisites

The following are prerequisites for enabling ADFS – ACS integration:

 ADFS server (ADFS 2.0 or higher/Windows Server 2008 R2 or higher) has been setup on-premise.

These documents provide relevant information:

TechNet - ADFS Deployment Guide

TechNet - Best Practices for Secure Planning and Deployment of AD FS

ADFS Federation metadata URL of the following format should be publically accessible

https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml

 Tenant specific Azure ACS namespace has been configured and the Azure ACS Federation metadata URL is publicly accessible.

(7)

3.3 Integration setup – step by step

The following steps setup trust between ADFS and ACS:

STEP 1: Navigate to ADFS management screen and click on Add Relying Party Trust

(8)

STEP 3: In the “Select Data Source” step add the following metadata URL address https://360online-ne.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml

Click Next to continue.

(9)

STEP 5: “Permit all users to access this relying party” is the default selection. Click on Next to continue with next step.

(10)

STEP 7: Click on Close to launch Edit Claims Rules dialog.

(11)

STEP 9: Select “Send LDAP Attributes as Claims” and click Next.

(12)

STEP 11: Click on Add Rule again to add Windows Account Name to the set of claims. Select “Pass Through or Filter an Incoming Claim”. Click Next to continue.

(13)

STEP 13: Click on Add Rule again to add UPN to the set of claims. Select “Pass Through or Filter an Incoming Claim”. Click Next to continue.

(14)

STEP 15: Click OK to close the Edit Claim Rules dialog and end the configuration setup.

4 Finding the WS-Federation URL

The URL for the FederationMetadata.xml is standardized for all ADFS installations. Assuming your ADFS instance is hosted at https://adfs.contoso.com, the WS-Federation URL with the

FederationMetadata.xml is located at https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml.

References

Download now ( PDF - 14 Page - 1.16 MB )

Related documents