Tovuti supports several single sign-on providers. This article outlines the steps to set up ADFS and covers the following concepts:
- Set ADFS as SSO Provider in Tovuti
- Configure ADFS as Identity Provider (IDP)
- Finish Configuring Tovuti as Service Provider (SP)
- User Profile Field and Attribute Mapping
- User Group Mapping
- Enable Login Link
Set ADFS as SSO Provider in Tovuti
Go to Configuration > click Single Sign-On > click New
Details tab
In the Details tab, give this provider a Title. It is suggested that the title contains a reference to ADFS for easy selection in the future. Select ADFS in SAML Application.
Service Provider Settings tab
In the Service Provider Settings tab, a unique EntityID/Issuer is created for this domain.
Configure ADFS as Identity Provider (IDP)
In ADFS, click Add Relying Party Trust > click Start.
In Select Data Source, select Enter data about the relying party manually > click Next.
In Specify Display Name, select Enter Display Name > click Next.
In Choose Profile, select the option AD FS Profile > click Next.
In Configure URL, check Enable support for the SAML 2.0 WebSSO protocol. Enter the ACS URL from the plugin in the Relying party SAML 2.0 SSO service URL field. Click Next.
In Configure Identifiers, enter the SP Entity ID/Issuer URL from the plugin in the Relying party trust identifier field. Click Add > click Next.
In Configure Multi-factor Authentication, select "I do not want to configure multi-factor authentication settings for this relying party trust at this time" > click Next.
In Choose Issuance Authorization Rules, select Permit all users to access this relying party > click Next.
In Ready to Add Trusts, click Next.
Check Open the Edit Claim Rules dialog and click Close. Click Add Rule and select "Send LDAP Attributes as Claims." Enter the following:
- Claim rule name > Enter claim rule name (any). For example Attributes
- Attribute Store > Active Directory
- LDAP Attribute > Email-Addresses
- Outgoing Claim Type > Name ID
Click the Finish button.
For more information directly from AD FS on this process, see the following documentation.
Finish Configuring Tovuti as Service Provider (SP)
In the ADFS Setup Instructions tab, the Identity Provider Issuer, Identity Provider Single Sign-on URL, and X.509 Certificate are shown.
Copy this information and paste it into the Identity Provider Settings Tab.
Click Update > click Test Configuration. This shows which attributes and values are being sent in the SAML assertion from ADFS, which helps when mapping fields and groups.
User Profile Field and Attribute Mapping
After configuring all the settings in ADFS, click the User Profile Field Mapping tab in Tovuti.
Enable the desired settings and provide the attributes found in ADFS. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs the profile field and attribute information between Tovuti and ADFS. The details of the User Profile Field Mapping tab are covered in this Help Center article.
While auto-registering the users on the Tovuti site, these attributes automatically map to Tovuti user details.
User Group Mapping
Click the User Group Mapping tab.
Enable the desired settings and provide the attributes found in ADFS. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs group information between Tovuti and ADFS. The details of the User Group Mapping tab are covered in this Help Center article.
While auto-registering, the users are assigned roles based on the group they are mapped to.
At any time, the configuration can be tested in the Identity Provider Settings tab.
It is recommended to run multiple tests over time to ensure everything is working properly.
Enable Login Link
Go to the Details tab > toggle Yes on Add Login Link to Navigation > select the menu where this link appears and give the link a name.
Click Save.