Single Sign-On with ADFS requires configuring WorkBoard as an application in ADFS.
- Ensure your WorkBoard technical point of contact has received your organization's federated metadata XML file or URL.
- Enter the required fields as mentioned below. Organization_unique_identifier will be provided to you by WorkBoard.
- Use these base URLs in the following configuration:
Assertion Consumer Service (ACS)
https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp/saml2-acs.php/{organization_unique_identifier}
Entity ID
https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp/metadata.php/{organization_unique_identifier}
Relay State URL
https://www.myworkboard.com/wb/user/login?saml_sso={organization_unique_identifier}
SP Metadata URL
https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp/metadata.php/{organization_unique_identifier}
Name ID
Name ID: Email address
Name ID Format: UNSPECIFIED
- Open ADFS manager console and click Add Relying Party Trust
- Select Import data about the relying party published online or on a local network.
- Enter the WorkBoard SP Metadata URL (listed above) as the metadata address.
- Click Add Rule on the Issuance Transform Rules tab
- Select Send LDAP Attributes as Claims and click Next
- Enter a Claim rule name, such as Get Attributes
- Set the Attribute store to Active Directory
- Type in E-Mail-Addresses for the first LDAP attribute
- Set its outgoing type to E-Mail Address
- Type in Display-Name for the second LDAP attribute and set its outgoing type to Name.
- Click Finish when you are done.
- Click Add Rule on the Issuance Transform Rules tab again.
- Select Transform an Incoming Claim and click Next.
- Enter a Claim rule name, such as Name ID Transform.
- Set Incoming claim type to E-Mail Address.
- Set Outgoing claim type to NameID.
- Set Outgoing name ID format to Unspecified.
- Select Pass through all claim values and click Finish and close the Wizard.
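The console steps above can also be scripted and then checked from PowerShell. The following is an added example, not part of WorkBoard's instructions: it creates the trust from the SP metadata URL with the same two claim rules and confirms that the Entity ID and ACS endpoint match the values listed earlier. The trust name, the placeholder organization identifier and the access control policy are assumptions.

```powershell
# Run in an elevated session on the primary AD FS server.
$OrgId     = '<organization_unique_identifier>'  # placeholder: value supplied by WorkBoard
$TrustName = 'WorkBoard'                         # assumption: display name for the trust
$Base      = 'https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp'
$EntityId  = "$Base/metadata.php/$OrgId"         # Entity ID, also the SP Metadata URL
$AcsUrl    = "$Base/saml2-acs.php/$OrgId"        # Assertion Consumer Service

# The two Issuance Transform Rules from the steps above, in claim rule language.
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
          query = ";mail,displayName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Name ID Transform"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

$trust = @{
    Name                    = $TrustName
    MetadataUrl             = $EntityId
    IssuanceTransformRules  = $Rules
    # Assumption: AD FS 2016 or later; substitute the narrowest policy your organization allows.
    AccessControlPolicyName = 'Permit everyone'
}
Add-AdfsRelyingPartyTrust @trust

# Verify that what AD FS imported matches the values WorkBoard published.
$rpt = Get-AdfsRelyingPartyTrust -Name $TrustName
$acs = $rpt.SamlEndpoints |
    Where-Object Protocol -eq 'SAMLAssertionConsumer' |
    ForEach-Object { "$($_.Location)" }
if ($rpt.Identifier -notcontains $EntityId) { Write-Warning "Entity ID mismatch: $($rpt.Identifier)" }
if ($acs -notcontains $AcsUrl)              { Write-Warning "ACS endpoint mismatch: $acs" }
$rpt | Select-Object Name, Enabled, Identifier, MonitoringEnabled, AutoUpdateEnabled
```

A mismatch warning means the imported metadata does not describe the endpoints listed above, and the trust should not be enabled for users until that is resolved with your WorkBoard contact.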
Test it out
- Log in to WorkBoard
- For IdP-initiated authentication
  - Click on the WorkBoard link or tile listed under your Application portal
- For SP-initiated authentication
  - Go to https://www.myworkboard.com/wb/user/login in your browser tab
  - Click on Login with your company ID
  - Enter your company email address to log in. You will be redirected to WorkBoard once you authenticate using your company credentials in your company’s web portal.