SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy



Similar documents
Microsoft Outlook Web Access 2013 Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy

Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Access Gateway Advanced Edition

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

SSH to Ubuntu Server Authenticating Users Using SecurAccess Server by SecurEnvoy

Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

External Authentication with Windows 2008 Server with Routing and Remote Access Service Authenticating Users Using SecurAccess Server by SecurEnvoy

ADFS Integration Guidelines

SecurEnvoy IIS Web Agent. Version 7.2

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

External Authentication with Netscreen 25 Remote VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

SecurEnvoy Windows Login Agent

CA Nimsoft Service Desk

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

Defender Token Deployment System Quick Start Guide

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG R001.

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

OneLogin Integration User Guide

Security Assertion Markup Language (SAML) Site Manager Setup

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

360 Online authentication

HOTPin Integration Guide: DirectAccess

Egnyte Single Sign-On (SSO) Installation for OneLogin

Microsoft Office 365 Using SAML Integration Guide

Configuring Salesforce

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

ACTIVID APPLIANCE AND MICROSOFT AD FS

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Egnyte Single Sign-On (SSO) Installation for Okta

BlackShield ID Agent for Remote Web Workplace

EVault Endpoint Protection 7.0 Single Sign-On Configuration

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Single Sign On for ShareFile with NetScaler. Deployment Guide

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Cloud Services ADM. Agent Deployment Guide

Active Directory Federation Services

Cloud Authentication. Getting Started Guide. Version

NSi Mobile Installation Guide. Version 6.2

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Configuring EPM System for SAML2-based Federation Services SSO

Flexible Identity Federation

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

Copyright 2013, 3CX Ltd.

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Step by Step Guide to implement SMS authentication to F5 Big-IP APM (Access Policy Manager)

Getting Started with AD/LDAP SSO

ADFS for. LogMeIn and join.me authentication

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

INSTALLATION INSTRUCTIONS FOR UKSSOGATEWAY

T his feature is add-on service available to Enterprise accounts.

Deploying RSA ClearTrust with the FirePass controller

QUANTIFY INSTALLATION GUIDE

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

IIS, FTP Server and Windows

Configuring SuccessFactors

Mobile Device Management Version 8. Last updated:

Multi-factor Authentication using Radius

Integration Overview. Web Services and Single Sign On

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

Authentication Node Configuration. WatchGuard XTM

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

SecurEnvoy Reporting Wizard

Establishing two-factor authentication with Cyberoam UTM appliances and HOTPin authentication server from Celestix Networks

Okta/Dropbox Active Directory Integration Guide

Connected Data. Connected Data requirements for SSO

CA Performance Center

FTP, IIS, and Firewall Reference and Troubleshooting

External Authentication with Cisco Router with VPN and Cisco EZVpn client Authenticating Users Using SecurAccess Server by SecurEnvoy

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Introductions. Christopher Cognetta Practice Manager Client Field Engineering Microsoft Dynamics CRM MVP

Active Directory Management. Agent Deployment Guide

AvePoint Meetings for SharePoint On-Premises. Installation and Configuration Guide

Egnyte App for Android Quick Start Guide

Establishing two-factor authentication with Check Point and HOTPin authentication server from Celestix Networks

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Windows 7 Hula POS Server Installation Guide

BlackShield ID Best Practice

Transcription:

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading RG7 4AB Tony Davis tdavis@securenvoy.com

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 This document describes how to integrate SalesForce configured for SSO to a local ADFS 2.0 service with SecurEnvoy two-factor Authentication solution called SecurAccess SalesForce is a customer relationship management tool (CRM) that can be configured to use a local Active Directory Federation Service (ADFS) to enable local users to sign on with their existing AD credentials. SecurAccess provides two-factor, strong authentication for remote Access solutions (such as SalesForce), without the complication of deploying hardware tokens or smartcards. Two-Factor authentication is provided by the use of (your PIN and your Phone to receive the one time passcode) SecurAccess is designed as an easy to deploy and use technology. It integrates directly into any LDAP server and negates the need for additional User Security databases. SecurAccess consists of two core elements: a Radius Server and Authentication server. The Authentication server is directly integrated with LDAP in real time. SecurEnvoy Security Server can be configured in such a way that it can use the existing LDAP password. Utilizing the LDAP password as the PIN, allows the User to enter their UserID, Domain password and One Time Passcode received upon their mobile phone. This authentication request is passed via the Radius protocol to the SecurEnvoy Radius server where it carries out a Two-Factor authentication. It provides a seamless login into the Windows Server environment by entering three pieces of information. SecurEnvoy utilizes a web GUI for configuration. All notes within this integration guide refer to this type of approach. The equipment used for the integration process is listed below: SalesForce SalesForce Cloud Account Microsoft Microsoft Server 2008 R2 with ADFS 2.0 Installed SecurEnvoy Microsoft Server (any version) IIS installed with SSL certificate (required for management and remote administration) Active Directory installed or connection to Active Directory via LDAP protocol. SecurAccess software release v7.2.504 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 2

Index 1.0 Prerequisites... 3 1.1 Configure ADFS and SalesForce... 6 1.2 Testing ADFS and SalesForce... 7 2.0 Configure IIS Agent for Default Website... 6 2.1 Configure IIS Agent for ADFS... 7 2.2 Configure logout URL... 8 2.3 Configure Basic Authentication... 8 3.0 Test the Two Factor Authentication... 9 3.1 Successful Logon with 2FA... 10 4.0 Notes... 11 1.0 Prerequisites Securenvoy Security Server has been installed with the Radius service and has a suitable account that has read and write privileges to the Active Directory. If firewalls are between the SecurEnvoy Security server, Active Directory servers, and the ADFS server(s), additional open ports will be required. IIS Agent has been installed as per the SecurEnvoy IIS Agent Installation and Admin Guide: https://www.securenvoy.com/integrationguides/iis%20agent%20installation%20guide.pdf The following table shows what token types are supported. Token Type Supported Real Time SMS or Email Preload SMS or Email Soft Token Code Soft Token Next Code Voice Call One Swipe 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 3

1.1 Configure ADFS and SalesForce Install and configure ADFS using the following guide: http://technet.microsoft.com/en-us/library/dd807092(v=ws.10).aspx Go to SalesForce and navigate to the following: Setup>Security Controls>Single Sign-On Settings Provide the following: Name Issuer Identity Provider Certificate SAML Identiy Type SAML Identity Location Identity Provider Login URL API Name Entity Id Save the settings and download the Metadata xml file Open AD FS 2.0 Management and add a new Relying Party Trust : Select Data Source and select Import data about the relying party from file Browse and select the Metadata xml file we exported from SalesForce previously. Work through the wizard, entering Display Name and Permit all users to access this relying party. Note Ensure you have Open Edit Claims Rules Dialog ticked within the final dialog 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 4

Within the Edit Claim Rules Dialog select Add Rule Enter the following: Claim rule name Email as NameID Attribute store Active Directory LDAP Attribute E-Mail-Addresses Outgoing Claim Type Name ID Click Finish 1.2 Testing ADFS and SalesForce Point your browser to your ADFS ldp-initiated logon URL and specify the logintorp parameter as the Salesforce SAML entity ID: E.g.https://salesforce.testlab.local/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://salesforc e.testlab.local This should redirect you and sign you into SalesForce. If you get a SalesForce login error, use the SAML assertion validator tool on the SalesForce single sign-on configuration page. It will display the results of the last failed SAML login. Note If you get an error from ADFS, check the ADFS logs: Server Manager\Diagnostics\Applications and Services Logs\ADFS 2.0\Admin. 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 5

2.0 Configure IIS Agent for Default Website Launch the IIS management interface, either from Start, Administration Tools or from the Server Manager Expand the sites list on the navigation pane and select Default Web Site, then scroll down the centre panel and press the SecurEnvoy Two Factor icon. Enable the tick box to Enable Authentication On Site Default Web Site Click Apply when complete. 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 6

2.1 Configure IIS Agent for ADFS Under Default Web Site, expand adfs and select ls, scroll down the centre panel and select SecurEnvoy Two Factor Select the check box Enable Authentication On /adfs/ls Select Form Based Authentication (The Default) Click Apply to finish Cancel restart IIS when prompted. Note The virtual directory SecurEnvoyAuth MUST be a member of the ADFSAppPool 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 7

2.2 Configure logout URL In the Navigation pane, select top level host name (the 2nd line down). Scroll down the centre panel and press the SecurEnvoy Two Factor icon. Setup your required inactivity timeout. Add the logout URL wsignoutcleanup Restart IIS when prompted. 2.3 Configure Basic Authentication Navigate back to Default Web Site > adfs > ls and select the Authentication icon Make sure that only Basic Authentication is Enabled 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 8

3.0 Test the Two Factor Authentication Test the Two Factor Web authentication by opening a browser and going to the URL for the Web server i.e. https://your_server_na me/adfs/ls (Don t forget the https) User logon screen is shown. Enter your UsedID and Password: User is then presented with their two factor authentication type: Pre load, Realtime and Soft tokens: VOICE tokens: One Swipe: 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 9

3.1 Successful Logon with 2FA User authenticates successfully and is presented with SalesForce: Note Configure your domain name within seiis.ini (C:\Windows): # Default Domain Name to use if no domain information is included in this UserID (leave blank if not required) DefaultDomain= yourdomain This will allow your users to logon to SalesForce without specifying the domain name: domain\userid 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 10

4.0 Notes 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information