Configuring ADFS 2.0 for Use with DocAve 6. User Guide

Similar documents
AvePoint CRM Migration Manager for Microsoft Dynamics CRM. Release Notes

DocAve for Office 365 Sustainable Adoption

Collecting Logs and Troubleshooting. Troubleshooting Guide

AvePoint Record Rollback for Microsoft Dynamics CRM

AvePoint Record Rollback for Microsoft Dynamics CRM

AvePoint Record Rollback for Microsoft Dynamics CRM. Release Notes

AvePoint Meetings for SharePoint Online. Configuration Guide

AvePoint Timeline Pro for Microsoft Dynamics CRM. Installation and Configuration Guide

AvePoint SearchAll for Microsoft Dynamics CRM

AvePoint CallAssist for Microsoft Dynamics CRM. Installation and Configuration Guide

AvePoint Tags 1.1 for Microsoft Dynamics CRM. Installation and Configuration Guide

AvePoint SearchAll for Microsoft Dynamics CRM

AvePoint Record Rollback for Microsoft Dynamics CRM

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

ADFS Integration Guidelines

AvePoint Meetings for SharePoint On-Premises. Installation and Configuration Guide

User Guide. DocAve Lotus Notes Migrator for Microsoft Exchange 1.1. Using the DocAve Notes Migrator for Exchange to Perform a Basic Migration

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

VMware Identity Manager Integration with Active Directory Federation Services 2.0

DocAve 6 Service Pack 1 Job Monitor

CA Nimsoft Service Desk

ADFS for. LogMeIn and join.me authentication

etoken Enterprise For: SSL SSL with etoken

Deploying Remote Desktop IP Virtualization Step-by-Step Guide

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

How to Configure a Secure Connection to Microsoft SQL Server

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

Integration Guide. SafeNet Authentication Service. Using SAS with Web Application Proxy. Technical Manual Template

Security Assertion Markup Language (SAML) Site Manager Setup

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

Windows Server Update Services 3.0 SP2 Step By Step Guide

Wavecrest Certificate

DocAve. Installation and User Guide. File Share Navigator 3. Service Pack 1 Cumulative Update 1. Issued August 2015

ECA IIS Instructions. January 2005

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

DocAve 4.1 SharePoint Disaster Recovery High Availability (SPDR HA) User Guide

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Lab Answer Key for Module 9: Active Directory Domain Services. Table of Contents Lab 1: Exploring Active Directory Domain Services 1

CA NetQoS Performance Center

Microsoft Office 365 Using SAML Integration Guide

Configuration Guide. SafeNet Authentication Service AD FS Agent

Lab Answer Key for Module 6: Configuring and Managing Windows SharePoint Services 3.0. Table of Contents Lab 1: Configuring and Managing WSS 3.

Generating an Apple Enterprise MDM Certificate

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

StarWind iscsi SAN & NAS: Configuring HA Shared Storage for Scale- Out File Servers in Windows Server 2012 January 2013

EVault Endpoint Protection 7.0 Single Sign-On Configuration

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

DocAve Website Migrator 2.2 for Microsoft SharePoint

StarWind iscsi SAN & NAS: Configuring HA File Server on Windows Server 2012 for SMB NAS January 2013

Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by- Step Guide

StarWind iscsi SAN Configuring HA File Server for SMB NAS

StarWind iscsi SAN: Configuring HA File Server for SMB NAS February 2012

HOTPin Integration Guide: DirectAccess

How to Secure a Groove Manager Web Site

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

Installation Guide. SafeNet Authentication Service

Secure Agent Quick Start for Windows

StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users

Hands-On Lab: WSUS. Lab Manual Expediting WSUS Service for XP Embedded OS

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

StarWind SMI-S Agent: Storage Provider for SCVMM April 2012

Symantec Managed PKI. Integration Guide for ActiveSync

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

StarWind iscsi SAN & NAS: Configuring HA Storage for Hyper-V October 2012

StarWind iscsi SAN & NAS: Multipathing October 2012

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Dell Statistica Document Management System (SDMS) Installation Instructions

AD RMS Step-by-Step Guide

Generating an Apple Push Notification Service Certificate

SafeNet Authentication Service

User Document. Adobe Acrobat 7.0 for Microsoft Windows Group Policy Objects and Active Directory

StarWind iscsi SAN Software: Installing StarWind on Windows Server 2008 R2 Server Core

LifeSize Control Installation Guide

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

StarWind iscsi SAN Software: Using StarWind with MS Cluster on Windows Server 2008

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

The cloud server setup program installs the cloud server application, Apache Tomcat, Java Runtime Environment, and PostgreSQL.

Windows SharePoint Services Installation Guide

LAB 1: Installing Active Directory Federation Services

Server Installation Guide ZENworks Patch Management 6.4 SP2

Configuring Active Directory with AD FS and SAML for Brainloop Secure Dataroom Setup Guide

Sophos Anti-Virus for NetApp Storage Systems startup guide

Business Portal for Microsoft Dynamics GP. Key Performance Indicators Release 10.0

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES

DocAve 4.1 Backup User Guide

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

MicrosoftDynam ics GP TenantServices Installation and Adm inistration Guide

Setup Guide for AD FS 3.0 on the Apprenda Platform

ACTIVID APPLIANCE AND MICROSOFT AD FS

SolarWinds Technical Reference

Transcription:

Configuring ADFS 2.0 for Use with DocAve 6 User Guide September 2015

REVISION HISTORY Table 1 Version Effective Date Summary of Changes 1.0 09/2015 Initial version. Page 2 of 10 Configuring ADFS for Use DocAve 6

TABLE OF CONTENTS Revision History... 2 Table of Contents... 3 Overview... 4 Installing ADFS on Windows Server... 5 Configuring ADFS 2.0... 5 Configuring Trust Relationships... 6 Exporting the Token Signing Certificate... 7 Managing Trust with the Token Signing Certificate... 8 Configure DocAve to Use the Relying Partner Trusts... 9 Notices and Copyright Information... 10 Page 3 of 10 Configuring ADFS for Use DocAve 6

OVERVIEW Active Directory Federation Services (ADFS) 2.0 is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. *Note: This guide presumes that your environment already has a fully functional Active Directory (AD), SQL Server, SharePoint 2013 farm using the default claim authentication method, and DocAve Manager with the default Windows Authentication installed and configured. This guide is applicable to all versions of DocAve 6. To install and configure ADFS for use with DocAve 6, see the following sections: 1. Installing ADFS 2. Configuring Trust Relationships 3. Manage Trust with the Token Signing Certificate 4. Configure DocAve to Use the Trusted Relying Partner Page 4 of 10 Configuring ADFS for Use DocAve 6

INSTALLING ADFS ON WINDOWS SERVER To install ADFS on your Windows Server, follow the instructions below: *Note: If you are using Windows Server 2012 or later, the ADFS feature has been integrated into the operating system, which means you need not to download and install it. Continue to the Configuring ADFS 2.0 section. 1. Download the ADFS installer from http://www.microsoft.com/engb/download/details.aspx?id=10909 2. Run AdfsSetup.exe to begin the wizard. 3. At the Server Role screen, choose Federation Server. 4. Complete the installation by clicking Next for each screen. 5. Click Finish to start the ADFS 2.0 Management snap-in. Configuring ADFS 2.0 To configure ADFS 2.0, follow the steps below on your Windows Server: 1. Open the ADFS 2.0 Management Console on the Federation Server (ADFS01Srv.ADFS01.NET). 2. Click AD FS 2.0 Federation Server Configuration Wizard in the management console. The wizard appears. 3. Select Create a new Federation Service, and click Next. 4. Select New federation server farm or Stand-alone federation server according to your environment requirements. New federation server farm will create a new Federation Service with settings for high availability and load balancing. This computer will be the primary federation server in the farm. Stand-alone federation server will create a new Federation Service on this computer. This option is recommended for evaluation purposes or small production environments, because you cannot add more servers to create a farm after selecting this option. 5. Select the SSL certificate and port, and click Next. 6. Enter a service account and password into the appropriate text boxes and click Next. *Note: The same service account must be used on all federation servers in the farm. 7. Review the certificate information on the summary page. 8. Click Finish to complete the wizard. Page 5 of 10 Configuring ADFS for Use DocAve 6

Configuring Trust Relationships By configuring the Relying Party Trusts, you can specify the claims sent to DocAve. Additional claims can be sent, but a unique identifier is required. SharePoint can use the following types of claims: User Principle Name (UPN), for example user@avepoint E-Mail Address, for example user@avepoint.com Common Name, which is an arbitrary string To configure the Relying Party Trusts, follow the steps below on your Windows Server: 1. Open the ADFS 2.0 Management Console on the ADFS Server. 2. Select Trust Relationships. 3. Right-click Relying Party Trusts, and select Add Relying Party Trust. 4. Complete the wizard with the following information: *Note: WS-Federation and SAML 1.0, 1.1, and 2.0 protocols are all supported by DocAve. a. Click Start on the configuration wizard. b. Select Enter data about the relying party manually and click Next. c. Enter the display name into the Specify Display Name field, and click Next. d. Select AD FS profile (2.0), and click Next. e. On the Configure Certificate page, click Browse to browse to and locate a certificate file and add it to the list of certificates, and then click Next. f. Select Enable support for the WS-Federation Passive protocol, enter the Relying party WS-Federation Passive protocol URL, and click Next. g. In the Relying party trust identifiers field, remove the default Relying Party Trust identifiers and enter the URL you want to use. Click Add, and click Next. h. Select Permit all users to access this relying party and click Next. i. Review settings you have configured in the above steps to ensure each has been correctly configured. Click Next. j. Select Open the edit Claims Rules Dialog for this relying party trust when the wizard closes, and click Close. The Edit Rules for SharePoint ADFS page appears. k. Navigate to the Issuance Transform Rules tab, and select Add Rule. Page 6 of 10 Configuring ADFS for Use DocAve 6

l. Select Send LDAP Attributes as Claims, and click Next. m. Configure the following information in the Configure Rule page: o o o o Claim Rule Name: Email Address Attribute Store: Active Directory LDAP Attribute: E-Mail-Addresses Outgoing Claim Type: E-Mail Address Figure 1: Configuring the Claim Rule Exporting the Token Signing Certificate After configuring Trusted Relationships, the token signing certificate must be exported to the DocAve Server that will be configured as the trust relationship between the DocAve Server and ADFS Server. To export the token signing certificate, follow the steps below: 1. Open the ADFS 2.0 management console on the ADFS Server. 2. Select Service. 3. Select Certificates, and double-click Token-signing certificate. 4. Select the Details tab. 5. Select Copy to File, and select the following options: No do not export the private key DER encoded binary X.509 (.CER) 6. Save the file as ADFS01Srv_Token.cer. Page 7 of 10 Configuring ADFS for Use DocAve 6

Managing Trust with the Token Signing Certificate The token signing certificate must be added to the Trusted Root Certification Authorities in DocAve. To add the token signing certificate to DocAve, follow the steps below: 1. Navigate to the DocAve Control server. 2. Click Start > Run > Microsoft Management Console. 3. Click File > Add/Remove Snap-in 4. In the Available Snap-ins area, select Certificates and add it to the Selected Snap-in area. 5. In the Certificates snap-in dialog, select Computer account > Next > Local computer > Finish. 6. Double-click Certificates(Local Computer). 7. Expand the Trusted Root Certification Authorities tree. 8. Right-click on Certificates below the Trusted Root Certification Authorities, and select All Tasks > Import 9. Click Next > Browse and select Token-signing Cert > Next > Next > Finish. After completing the steps above, the console will look similar to the screenshot below. Figure 2: Adding the token signing certificate to DocAve Page 8 of 10 Configuring ADFS for Use DocAve 6

CONFIGURE DOCAVE TO USE THE RELYING PARTNER TRUSTS To configure DocAve to use the Relying Party Trusts that were set up in the previous sections, follow the steps below: 1. Log into DocAve Manager. 2. Navigate to DocAve Control Panel > Authentication Manager > ADFS Integration > ADFS Integration. 3. In ADFS Integration Method, select Manually. 4. In the ADFS Issuer area, enter the ADFS Issuer URL. 5. In the Relying Party Identifier area, enter the value configured in step g. of Configuring Trust Relationships. 6. In the Token-signing area, click Select and find the token signing certificate that you placed in trust store. 7. In the Claim Configuration area, enter the correct Claim Name and Claim Type of the e-mail claim information. Name: Email Address Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress 8. Remove the other default claims from the Claim Configuration area. 9. ADFS is now configured for use with DocAve. Page 9 of 10 Configuring ADFS for Use DocAve 6

NOTICES AND COPYRIGHT INFORMATION Notice The materials contained in this publication are owned or provided by AvePoint, Inc. and are the property of AvePoint or its licensors, and are protected by copyright, trademark and other intellectual property laws. No trademark or copyright notice in this publication may be removed or altered in any way. Copyright Copyright 2015 AvePoint, Inc. All rights reserved. All materials contained in this publication are protected by United States and international copyright laws and no part of this publication may be reproduced, modified, displayed, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written consent of AvePoint, 3 Second Street, Jersey City, NJ 07311, USA or, in the case of materials in this publication owned by third parties, without such third party s consent. Notwithstanding the foregoing, to the extent any AvePoint material in this publication is reproduced or modified in any way (including derivative works and transformative works), by you or on your behalf, then such reproduced or modified materials shall be automatically assigned to AvePoint without any further act and you agree on behalf of yourself and your successors, assigns, heirs, beneficiaries, and executors, to promptly do all things and sign all documents to confirm the transfer of such reproduced or modified materials to AvePoint. Trademarks AvePoint, DocAve, the AvePoint logo, and the AvePoint Pyramid logo are registered trademarks of AvePoint, Inc. with the United States Patent and Trademark Office. These registered trademarks, along with all other trademarks of AvePoint used in this publication are the exclusive property of AvePoint and may not be used without prior written consent. Microsoft, MS-DOS, Internet Explorer, Office, Office 365, SharePoint, Windows PowerShell, SQL Server, Outlook, Windows Server, Active Directory, and Dynamics CRM 2013 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Adobe Acrobat and Acrobat Reader are trademarks of Adobe Systems, Inc. All other trademarks contained in this publication are the property of their respective owners and may not be used without such party s consent. Changes The material in this publication is for information purposes only and is subject to change without notice. While reasonable efforts have been made in the preparation of this publication to ensure its accuracy, AvePoint makes no representation or warranty, expressed or implied, as to its completeness, accuracy, or suitability, and assumes no liability resulting from errors or omissions in this publication or from the use of the information contained herein. AvePoint reserves the right to make changes in the Graphical User Interface of the AvePoint software without reservation and without notification to its users. AvePoint, Inc. Harborside Financial Center, Plaza 10 3 Second Street, 9th Floor Jersey City, New Jersey 07311 USA Page 10 of 10 Configuring ADFS for Use DocAve 6