Skip to main content
This is a custom warning

Does the component apply visual style — color, typography, icons, space, borders, and more — using appropriate variable tokens?

Tovuti Impacted

Our engineering team is aware of the current issue regarding slow connection speed to Tovuti sites, and is actively working on the issue.

Please check back here for updates.

Email support@tovutiteam.com if you have any questions.

Tovuti Client Marketplace!

Please visit our Tovuti Marketplace to view our product offerings at Tovuti! From your own Ticketing Portal for End Users to Native Integrations to Professional and Managed Services!



Refer your Network!

Sign up for our Client Referral Program! Refer them to Tovuti and if they become a client, you’ll get $500. Additionally, they’ll receive a $500 discount on Tovuti’s service!

Reminder! Tovuti Weekly Maintenance Window!

Tovuti's scheduled weekly maintenance window is between 8 AM and 12 PM MT this Saturday.

No downtime is anticipated.

Configure ADFS as the Single Sign-On Provider

  • Updated

Set ADFS as SSO Provider in Tovuti

Go to Configuration > click Single Sign-On > click New

configuration_sso_adfs_01.png

 

In the Details tab, give this provider a Title. It is suggested that the title contains a reference to ADFS for easy selection in the future. Select ADFS in SAML Application.

configuration_sso_adfs_02.png

 

In the Service Provider Settings tab, a unique EntityID/Issuer is created for this domain.

configuration_sso_adfs_03.png

 

Configure ADFS as Identity Provider (IDP)

In ADFS, click on Add Relying Party Trust > cick Start

In Select Data Source, select Enter data about the relying party manually > click Next.

In Specify Display Name, select Enter Display Name > click Next.

In Choose Profile, select the option AD FS Profile > click Next.

In Configure URL, check Enable support for the SAML 2.0 WebSSO protocol. Enter the ACS URL from the plugin found in Relying Party 2.0 SSO Service URL field. Click Next.

In Configure Identifiers, enter the SP-Entity ID/Issuer URL from the plugin found in Relying Party Trust Identifier. Click Add > click Next.

In Configure Multi-factor Authentification, select "I do not want to configure multi-factor authentication settings for this relying party trust > click Next.

In Choose Issuance Authorization Rules, select permit all users to access this relying party > click Next.

In Ready to Add Trusts, click Next. 

Check Open the Edit Claim Rules dialog and click close. Click Add Rule and select "Send LDAP Attributes as Claims." Enter the following:

  • Claim rule name > Enter claim rule name (any). For example Attributes
  • Attribute Store > Active Directory
  • LDAP Attribute > Email-Addresses
  • Outgoing Claim Type > Name ID

Click the Finish button.

 

For more information directly from AD FS on this process, see the following documentation.

 

Finish Configuring Tovuti as Service Provider (SP)

In the ADFS Setup Instructions tab, the Identity Provider Issuer, Identity Provider Single Sign-on URL, and X.509 Certificate are shown.

Copy this information and paste it into the Identity Provider Settings Tab

Click Update > click Test Configuration. This shows what Attributes and Values are being sent in the Okta SAML Assertion. This ultimately helps with Fields and Groups.

configuration_sso_adfs_04.png

 

User Profile Field and Attribute Mapping

After configuring all the settings in ADFS > click the User Profile Field Mapping tab in Tovuti

Enable the desired settings and provide the attributes found in ADFS. Create profile fields by clicking the "+" icon.

Configuring the settings in this tab syncs profile field and attribute information between Tovuti and ADFS. While auto-registering the users on the Tovuti site, these attributes automatically map to Tovuti user details.

configuration_sso_adfs_05.png

 

User Group Mapping

Click the User Group Mapping tab.

Enable the desired settings and provide the attributes found in ADFS. Create profile fields by clicking the "+" icon.

Configuring the settings in this tab syncs group information between Tovuti and ADFS. While auto-registering, the users are assigned roles based on the group they are mapped to.

configuation_sso_adfs_06.png

 

At any time, the configuration can be tested in the Identity Provider Settings tab.

It is recommended to run multiple tests over time to ensure everything is working properly.

configuration_sso_adfs_07.png

 

Enable Login Link

Go to Details Tab > toggle Yes on Add Login Link to Navigation > select the menu where this link appears and give the link a name.

configuration_sso_adfs_08.png

Click Save.

Related articles