This guide is for IT administrators who need to set up ADFS for integration with Lucidity software products.

...

Term             | Description
-----------------|------------------------------------------------------------------------------
IdP              | Identity Provider, acts as the identifying party in federation requests
SP               | Service Provider, acts as the consumer of relayed information in federation requests
Relying Party    | Microsoft's terminology for SP
idp-instance-url | Web-accessible path to the ADFS IdP instance. Must be accessible via HTTPS

A Quick Overview of what you get from ADFS

To help you understand the benefits of setting up ADFS, the following summary shows the difference between an ADFS-authenticated system and normal authentication.

Normal Authentication

  1. User opens login screen and enters Username and Password.  There is a password reset option.

  2. Lucidity authenticates against the Username and Password that have been created within Lucidity Access. If this authentication fails the user is unable to log in.

ADFS Authentication

  1. User is presented with a login screen for ADFS that allows them to proceed with an ADFS login ('login' button) or switch to non-domain login if they are accessing the system from outside the company network. 


  2. Option 1 - User clicks 'Login' button.
    1. Lucidity obtains the current username 'from the browser' that the user used to authenticate against the network.
    2. If that username has a corresponding entry in Lucidity Access with appropriate permissions to allow entry into the application, then entry is allowed.
    3. If the username that was used to log onto the network does not have a corresponding entry in Lucidity Access, or the user is not currently logged on to the network, then entry is not allowed.
    4. In the instance where entry is not possible using ADFS, the user can still revert to non-domain credentials (see step 3).
  3. Option 2 - User clicks 'Login with non-domain credentials' button.
    1. User is presented with a login screen which requires entry of a Username and Password.  User enters these details.

    2. Lucidity authenticates against the Username and Password that have been created within Lucidity Access. If this authentication fails the user is unable to log in.
    3. Note that the username and password must be those recorded in Lucidity Access, as this is a non-domain login.
    4. The user has the option of reverting to the ADFS login if they separately log onto the network and return to the browser to re-attempt authentication.
Important Notes

The user must be authenticated against the local network domain in order for ADFS to function.

The user must have the same username within Active Directory and Lucidity Access so that Lucidity can determine what permissions to give the user when they log in using ADFS.

Lucidity still includes a non-domain login option for times when the user wishes to access Lucidity but they are not logged onto the network.


ADFS Setup

Instructions for setting up ADFS can be found in the following video and steps. You can skip some of this if ADFS is already set up.

http://www.youtube.com/embed/fwHIKlAPV0g


1. Install AD CS (IdP)

Active Directory Certificate Services (AD CS) is required to sign the requests made by IIS when authenticating against ADFS.
Following the instructions in the video above, install AD CS and create a Certificate Authority for the machine. This CA will be used to issue certificates later in the process.

Follow the instructions from 0:50 to 5:40 in the video.
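The same step carried out from an elevated PowerShell session instead of the GUI walkthrough. This is an added example, not part of the Lucidity guide or the video; the CA common name, key length and validity period are assumptions you should set to match your own PKI policy.

```powershell
# Step 1 (added example): install AD CS and stand up an Enterprise Root CA.
# Run as a Domain Admin on the server that will host the CA.
# CA name and validity below are assumed values, not from the Lucidity guide.

# 1. Install the AD CS role with its management tools (adds the ADCSDeployment module)
Install-WindowsFeature -Name AD-Certificate -IncludeManagementTools

# 2. Configure an Enterprise Root CA. SHA-256 and a 2048-bit RSA key are the
#    minimum a defender should accept; SHA-1 certificates are rejected by
#    modern browsers and ADFS clients.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName "CONTOSO-ROOT-CA" `          # assumed name
    -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" `
    -KeyLength 2048 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `                   # assumed validity
    -Force

# 3. Verify the CA service is running before moving on to certificate issuance
$svc = Get-Service -Name certsvc
if ($svc.Status -ne 'Running') {
    throw "Certificate Services (certsvc) is not running: $($svc.Status)"
}

# 4. Confirm the CA certificate really uses SHA-256 (catches a mis-typed parameter)
$caCert = Get-ChildItem Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -like '*CONTOSO-ROOT-CA*' }   # assumed name
if (-not $caCert -or $caCert.SignatureAlgorithm.FriendlyName -ne 'sha256RSA') {
    throw "CA certificate not found or not signed with sha256RSA"
}
"CA ready: $($caCert.Subject), expires $($caCert.NotAfter)"
```

Because an Enterprise Root CA is trusted by every domain member, keep the host patched and restrict local administrator access to it as tightly as the domain controllers.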

2. Create a certificate used to sign requests (IdP)

...