Set ADFS as SSO Provider in Tovuti
Go to Configuration > Click Single Sign-On > Click New
Enter the title and details. It is suggested that the title contains a reference to ADFS for easy selection in the future. Select ADFS in “SAML Application.”
Go to the Service Provider Settings tab. A unique EntityID/Issuer is created for this domain. Note the EntityID/Issuer and the ACS URL shown on this tab; both are entered in ADFS when the relying party trust is created below.
Configure ADFS as Identity Provider (IDP)
In ADFS, click on "Add Relying Party Trust" > Click Start
In Select Data Source, select "Enter data about the relying party manually." Click Next.
In Specify Display Name, enter a display name (for example, Tovuti). Click Next.
In Choose Profile, select the option "AD FS Profile." Click Next.
In Configure URL, check "Enable support for the SAML 2.0 WebSSO protocol." In the "Relying party SAML 2.0 SSO service URL" field, enter the ACS URL from the Tovuti Service Provider Settings tab. Click Next.
In Configure Identifiers, enter the SP EntityID/Issuer from the Tovuti Service Provider Settings tab in the "Relying party trust identifier" field. Click Add. Click Next.
In Configure Multi-factor Authentication, select "I do not want to configure multi-factor authentication settings for this relying party trust." Click Next. Tovuti accepts whatever authentication ADFS performed, so if MFA is required for LMS sign-in it must be enforced on the ADFS side (this trust can be added to an ADFS MFA policy later).
In Choose Issuance Authorization Rules, select "Permit all users to access this relying party." Click Next. With this rule every account in the directory can obtain a token and, once auto-registration is enabled, a Tovuti account; if only some users should have LMS access, replace it with a rule that permits a specific AD group after the first successful test.
In Ready to Add Trusts, click Next.
Check "Open the Edit Claim Rules dialog for this relying party trust when the wizard closes" and click Close. Click Add Rule, select "Send LDAP Attributes as Claims," and enter the following:
- Claim rule name > Enter claim rule name (any). For example Attributes
- Attribute Store > Active Directory
- LDAP Attribute > E-Mail-Addresses (the Active Directory mail attribute; a user whose mail attribute is empty receives no Name ID claim and cannot sign in to Tovuti)
- Outgoing Claim Type > Name ID
Click the Finish button.
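The following PowerShell, run in an elevated session on the ADFS server, creates the same relying party trust the wizard steps above produce. It is an added example, not part of the Tovuti documentation or of Microsoft's; the display name, EntityID/Issuer and ACS URL are placeholders to be replaced with the values from the Tovuti Service Provider Settings tab.

```powershell
# Added example (not Tovuti's or Microsoft's code): scripted equivalent of the
# "Add Relying Party Trust" wizard steps above. Values marked placeholder are
# assumptions; take the real ones from Tovuti's Service Provider Settings tab.
Import-Module ADFS

$rpName   = 'Tovuti LMS'                              # display name (assumed)
$entityId = 'https://lms.example.com/saml/metadata'   # placeholder SP EntityID/Issuer
$acsUrl   = 'https://lms.example.com/saml/acs'        # placeholder ACS URL

# SAML 2.0 WebSSO endpoint = "Relying party SAML 2.0 SSO service URL" in the wizard.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0

# "Send LDAP Attributes as Claims": E-Mail-Addresses (LDAP 'mail') -> Name ID.
# If the query returns nothing (empty mail attribute) no NameID claim is issued.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# "Permit all users to access this relying party" (the wizard default used above).
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $entityId `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules `
    -SignedSamlRequestsRequired $false

# Review what was created before pointing Tovuti at it.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Enabled, Identifier, @{ n = 'ACS'; e = { $_.SamlEndpoints.Location } }
```

The claim rule text is exactly what the "Send LDAP Attributes as Claims" template generates for E-Mail-Addresses to Name ID, so the trust created this way matches the one built through the GUI and can still be edited in the Edit Claim Rules dialog afterwards.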
For more information directly from AD FS on this process, see the following documentation.
Finish Configuring Tovuti as Service Provider (SP)
The ADFS Setup Instructions list the Identity Provider Issuer, the Identity Provider Single Sign-on URL, and the X.509 Certificate. The certificate is the ADFS token-signing certificate; Tovuti uses it to verify the signature on every SAML assertion, so paste the current primary token-signing certificate, not the service-communications or token-decrypting one. ADFS renews the token-signing certificate automatically (AutoCertificateRollover is on by default), and sign-in fails at every rollover until the new certificate is pasted into Tovuti.
Copy this information and paste it into the "Identity Provider Settings" tab.
Click Update > Click Test Configuration. This shows the attributes and values ADFS sends in the SAML assertion, which is what the Field and Group mapping tabs below match on.
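The three values the Identity Provider Settings tab asks for can be read directly from ADFS rather than transcribed. This added example (not from the Tovuti documentation or from Microsoft) collects them with the ADFS PowerShell module, writes the token-signing certificate in the PEM form most SAML service providers accept, and reports when ADFS will roll that certificate over; the output file name is an assumption.

```powershell
# Added example (not Tovuti's or Microsoft's code): gather the Identity Provider
# Issuer, Single Sign-on URL and token-signing certificate from AD FS, and show
# how soon the certificate Tovuti trusts will be replaced.
Import-Module ADFS

$props = Get-AdfsProperties

# Identity Provider Issuer = the federation service identifier.
$idpIssuer = $props.Identifier.AbsoluteUri

# Identity Provider Single Sign-on URL = the passive (browser) endpoint.
$idpSsoUrl = "https://$($props.HostName)/adfs/ls/"

# X.509 Certificate = the PRIMARY token-signing certificate. The secondary one
# (if present) is the next certificate AD FS will switch to.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$cert    = $signing.Certificate

$pem = "-----BEGIN CERTIFICATE-----`n" +
       [Convert]::ToBase64String($cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks) +
       "`n-----END CERTIFICATE-----"

$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

[pscustomobject]@{
    'Identity Provider Issuer'             = $idpIssuer
    'Identity Provider Single Sign-on URL' = $idpSsoUrl
    'Token-signing thumbprint'             = $cert.Thumbprint
    'Certificate expires in (days)'        = $daysLeft
    'AutoCertificateRollover'              = $props.AutoCertificateRollover
    'New cert generated (days before)'     = $props.CertificateGenerationThreshold
    'New cert promoted (days after that)'  = $props.CertificatePromotionThreshold
} | Format-List

# With AutoCertificateRollover on, AD FS generates a new token-signing certificate
# CertificateGenerationThreshold days before expiry and starts signing with it
# CertificatePromotionThreshold days later. From that moment Tovuti rejects every
# assertion until the new certificate is pasted into Identity Provider Settings.
$rolloverIn = $daysLeft - $props.CertificateGenerationThreshold - $props.CertificatePromotionThreshold
if ($props.AutoCertificateRollover -and $rolloverIn -le 30) {
    Write-Warning "Token-signing certificate is promoted in about $rolloverIn days; plan the Tovuti update."
}

# Placeholder output path (assumption); paste the file contents into Tovuti.
$pem | Set-Content -Path .\adfs-token-signing.pem -Encoding ascii
```

Run it again when the warning fires, or after any manual Update-AdfsCertificate, and repeat the Test Configuration step in Tovuti with the new certificate before users are affected.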
User Profile Field and Attribute Mapping
After configuring all the settings in ADFS, click the "User Profile Field Mapping" tab in Tovuti.
Enable the desired settings and provide the attribute (claim) names exactly as ADFS sends them, which Test Configuration displays. Create profile fields by clicking the "+" icon.
Configuring this tab syncs profile field and attribute information between Tovuti and ADFS: when a user is auto-registered in your Tovuti site, these attributes are mapped onto the Tovuti user details automatically.
User Group Mapping
Click the "User Group Mapping" tab.
Enable the desired settings and provide the group attribute (claim) name and the group values as ADFS sends them. Add group-to-role mappings by clicking the "+" icon.
Configuring this tab syncs group information between Tovuti and ADFS: during auto-registration, users are assigned Tovuti roles based on the ADFS group they are mapped to. The claim rule created above sends only the Name ID, so a second rule that issues the user's groups as a claim is required before anything can be mapped here.
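The following added example (not from the Tovuti documentation or from Microsoft) adds the group claim the User Group Mapping tab needs and, now that the test has passed, replaces the wizard's "permit all users" authorization rule with one that only admits members of one AD group. The trust name, group name and group SID are placeholders.

```powershell
# Added example (not Tovuti's or Microsoft's code): send AD group membership as a
# claim for Tovuti's User Group Mapping, and restrict who may obtain a token.
Import-Module ADFS

$rpName = 'Tovuti LMS'   # placeholder; must match the relying party trust created earlier

# Token-Groups - Unqualified Names (LDAP 'tokenGroups') -> one
# http://schemas.xmlsoap.org/claims/Group claim per group, e.g. "LMS-Learners".
# That claim type is the "attribute" to enter on the User Group Mapping tab.
# Use tokenGroupsQualifiedByDomainName if a group name exists in several domains.
$groupRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Groups"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups;{0}", param = c.Value);
'@

# Append to the existing Name ID rule instead of overwriting it.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules ($rp.IssuanceTransformRules + "`n" + $groupRule)

# "Permit users from a group" in place of "Permit all users": only members of the
# placeholder group LMS-Users get a token; everyone else is denied at AD FS and
# never reaches Tovuti auto-registration. Resolve the real SID with
# (Get-ADGroup 'LMS-Users').SID.Value from the ActiveDirectory module.
$lmsGroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1234'   # placeholder SID
$authzRule = @"
@RuleTemplate = "Authorization"
@RuleName = "Permit LMS-Users"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)${lmsGroupSid}`$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $authzRule

# Confirm both rule sets took effect.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, IssuanceTransformRules, IssuanceAuthorizationRules | Format-List
```

After applying it, rerun Test Configuration in Tovuti with a member of the permitted group: the assertion should now carry one Group value per AD group, and a non-member should be refused by ADFS before reaching Tovuti.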
At any time, the configuration can be tested in the "Identity Provider Settings" tab.
It is recommended to run multiple tests over time to ensure everything is working properly.
Enable Login Link
Go to Details Tab > toggle Yes on "Add Login Link to Navigation" > Select the menu where this link will appear and give the link a name.
Click Save.