Single Sign-on Using AD FS¶
Single sign-on (SSO) is a different authentication method that helps to make Managed Services accounts more secure.
With single sign-on authentication, a user can access Managed Services without being prompted to enter separate login credentials. SSO authentication will grant users automatic access to multiple applications once the user has been authenticated.
An SSO session begins when the authenticated user requests a secured resource from Managed Services while logged in to a site or application. The user's browser sends an HTTP request to Managed Services with information that then validates the session.
The Managed Services Platform supports single sign-on (SSO) logins, either through an LDAP or SAML 2.0 identity provider. An SAML 2.0 identity provider (IdP) can take on many forms, such as a self-hosted Active Directory Federation Services (AD FS) server.
AD FS is a service provided by Microsoft. It manages authentication through a proxy service hosted between the Active Directory and the target application. It simplifies the authentication process by using a Web login to authenticate existing Active Directory credentials.
Note: You will need IT team members from your organization who have administrator privileges on the IdP system who will help you configure the system using the steps provided in the following section.
- Setting Up Active Directory Federation Services
In this section, we review how to set up and install Active Directory Federation Services (AD FS). - Configuring an Identity Provider (IdP)
Once you've set up your Active Directory Federation Services (AD FS) and obtained the IdP metadata, you can configure your IdP using SAML.
Parent topic:Managed Services Platform Authentication Guide