Activating Single Sign-On (SSO) with ADFS

Single Sign-On with ADFS requires configuring WorkBoard as an application in ADFS.

      1. Ensure your WorkBoard technical point of contact has received your organization's federated metadata XML file or URL.
      2. Enter the required fields as mentioned below. Organization_unique_identifier will be provided to you by WorkBoard.
      3. Use these base URLs in the following configuration:

         

        Assertion Consumer Service (ACS)

        https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp/saml2-acs.php/{organization_unique_identifier}

        Entity ID

        https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp/metadata.php/{organization_unique_identifier}

        Relay State URL

        https://www.myworkboard.com/wb/user/login?saml_sso={organization_unique_identifier}

        SP Metadata URL

        https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp/metadata.php/{organization_unique_identifier}

        Name ID

        Name ID: Email address
        Name ID Format: UNSPECIFIED
      4. Open the ADFS manager console and click Add Relying Party Trust.
      5. Select Import data about the relying party published online or on a local network.
      6. Enter the WorkBoard SP Metadata URL (listed above).

        Do not select a certificate while configuring the relying party trust, as WorkBoard doesn't support certificates with its SAML implementation.
      7. Click Add Rule on the Issuance Transform Rules tab.

      8. Select Send LDAP Attributes as Claims and click Next.

      9. Enter a Claim rule name, such as Get Attributes.

      10. Set the Attribute store to Active Directory.

      11. Type in E-Mail-Addresses for the first LDAP attribute.

      12. Set its outgoing type to E-Mail Address.

      13. Type in Display-Name for the second LDAP attribute and set its outgoing type to Name.

      14. Click Finish when you are done.

         

      15. Click Add Rule on the Issuance Transform Rules tab again.

      16. Select Transform an Incoming Claim and click Next.

         

      17. Enter a Claim rule name, such as Name ID Transform.

      18. Set Incoming claim type to E-Mail Address.

      19. Set Outgoing claim type to NameID.

      20. Set Outgoing name ID format to Unspecified.

      21. Select Pass through all claim values, click Finish, and close the wizard.
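
The wizard steps 4 to 21 above can also be scripted with the AD FS PowerShell module. The script below is an added example, not WorkBoard's own tooling: the trust name and the `$OrgId` placeholder are assumptions, and the two rules are the claim rule language that the "Send LDAP Attributes as Claims" and "Transform an Incoming Claim" templates produce for the settings listed above.

```powershell
# Added example. Run in an elevated PowerShell session on the primary AD FS server.
# $OrgId is a placeholder: substitute the organization_unique_identifier from WorkBoard.
$OrgId       = '<organization_unique_identifier>'
$TrustName   = 'WorkBoard'   # display name chosen for this example
$Base        = 'https://www.myworkboard.com/lib/php/simplesaml/www/module.php/saml/sp'
$MetadataUrl = "$Base/metadata.php/$OrgId"     # SP Metadata URL, also the Entity ID
$AcsUrl      = "$Base/saml2-acs.php/$OrgId"    # Assertion Consumer Service

# Steps 7-21 as claim rule language (single-quoted here-string, so nothing is expanded).
$Rules = @'
@RuleName = "Get Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
          query = ";mail,displayName;{0}", param = c.Value);

@RuleName = "Name ID Transform"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# Steps 4-6: import the relying party from its published metadata and attach the rules.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataUrl $MetadataUrl `
    -IssuanceTransformRules $Rules

# Check that the imported trust matches the values listed on this page.
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
[pscustomobject]@{
    EntityIdMatches  = $rp.Identifier -contains $MetadataUrl
    AcsEndpointFound = [bool]($rp.SamlEndpoints |
                              Where-Object { [string]$_.Location -eq $AcsUrl })
    NameIdRulePresent = $rp.IssuanceTransformRules -match 'nameid-format:unspecified'
    # The page says not to select a certificate; these show whether one is configured.
    EncryptionCertificate     = $rp.EncryptionCertificate
    RequestSigningCertificate = $rp.RequestSigningCertificate
}
```

The script does not set an access control policy or issuance authorization rules, which this page does not cover; configure those according to your own policy before testing.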

Test it out

  Log in to WorkBoard using one of the following flows.

  For IDP-initiated authentication:
  1. Click on the WorkBoard link or tile listed under your application portal.

  For SP-initiated authentication:
  1. Go to https://www.myworkboard.com/wb/user/login in your browser tab.
  2. Click on Login with your company ID.
  3. Enter your company email address to log in. You will be redirected to WorkBoard once you authenticate using your company credentials in your company's web portal.