Use ADFS SSO with Incorta

To enable single sign-on (SSO) using Microsoft Active Directory Federation Services (ADFS), you must configure both ADFS and Incorta.

ADFS accepts secure URLs only, so the URLs of Incorta and any additional tools must use https.

Perform the following steps for each tenant using ADFS SSO:

  1. Configure ADFS. See Configure ADFS.
  2. Enable SSO for a tenant. See Enable SSO for a Tenant.
  3. Create a configuration file. See Create a Configuration file.
  4. Modify the server.xml file to reference the DS configuration file. See Modify server.xml.
  5. Restart Incorta.

Configure ADFS

  1. Navigate to ADFS manager.
  2. Right-click ADFS and then select Add Relying Party Trust.
  3. Select Claims aware, then Start.
  4. Select Enter data about the relying party manually, then Next.
  5. Enter a display name and select Next.
  6. Browse to an encryption certificate or select Next to continue without an encryption certificate.
  7. Select Enable for the SAML 2.0 WebSSO protocol.
  8. Enter the Incorta SSO link in the following format and select Next: https://<incorta-server>/incorta/!<tenant-name>/.
  9. Add a relying party identifier. For example, enter the Incorta URL https://incorta.com/incorta. Select Next.
  10. Select Permit everyone, then Next.
  11. Select Next.
  12. Select Finish.
  13. Select the relying party trusts in the left panel, select the relying party you created, and then select Properties in the right panel.
  14. Select the Advanced tab, then SHA-1 in Secure hash algorithm.
  15. Select the Endpoint tab.
  16. Select Add.
  17. Select SAML logout as the endpoint type and enter a URL in the format https://<server-name>/incorta/logout.jsp?rediredtUrl= in the Trusted URL field and the Response URL field.
  18. Select Add Claim.
  19. Select Send LDAP Attributes as Claim from Claim rule template and select Next.
  20. Enter a Claim rule name. From LDAP Attributes, select Display-Name, and select login name from the Outgoing claim type.
  21. Select Finish.
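
A pre-flight check for the URL values typed into ADFS in steps 8, 9 and 17, written in Python so it can run on any workstation before the wizard is opened. This is an added example, not Incorta or Microsoft code; the function name, the host bi.example.com, the tenant demo and the same-host rule are assumptions.

```python
from urllib.parse import urlsplit, unquote


def check_adfs_urls(sso_url, identifier, logout_url, tenant):
    """Return a list of problems found in the values to be entered in ADFS.

    An empty list means every value matches the formats given in the steps.
    """
    problems = []
    values = {"SSO link": sso_url, "identifier": identifier, "logout URL": logout_url}
    parsed = {}
    for name, url in values.items():
        # A placeholder such as <incorta-server> was pasted without being filled in.
        if "<" in url or ">" in url:
            problems.append(f"{name}: unreplaced placeholder in {url!r}")
        parts = parsed[name] = urlsplit(url)
        # ADFS accepts secure URLs only.
        if parts.scheme.lower() != "https":
            problems.append(f"{name}: scheme must be https, got {parts.scheme!r}")
        if not parts.hostname:
            problems.append(f"{name}: no host name in {url!r}")

    # Step 8 format: https://<incorta-server>/incorta/!<tenant-name>/
    want = f"/incorta/!{tenant}/"
    got = unquote(parsed["SSO link"].path)
    if got != want:
        problems.append(f"SSO link: path is {got!r}, expected {want!r}")

    # Step 17 format: https://<server-name>/incorta/logout.jsp?... (query not checked)
    got = parsed["logout URL"].path
    if got != "/incorta/logout.jsp":
        problems.append(f"logout URL: path is {got!r}, expected '/incorta/logout.jsp'")

    # Assumption: one Incorta host serves both sign-on and logout for the tenant.
    hosts = {parsed[n].hostname or "" for n in ("SSO link", "logout URL")}
    if len(hosts) > 1:
        problems.append(f"SSO link and logout URL use different hosts: {sorted(hosts)}")
    return problems


if __name__ == "__main__":
    # Constructed sample values: plain http and a missing "!" before the tenant.
    for line in check_adfs_urls(
        "http://bi.example.com/incorta/demo/",
        "https://bi.example.com/incorta",
        "https://bi.example.com/incorta/logout.jsp",
        "demo",
    ):
        print(line)
```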