Link to home
Start Free TrialLog in
Avatar of jdff
jdff

asked on

Single Sign On Integration(SSO)

I was wondering if someone has some experience on integrating a Single Sign On solution with 3rd party service providers, our company plans to integrate with google apps and silk roads, however as I understand the credentials will be sole stored at our Active Directory Server, I would like to know how will the user manipulate his/her password. Any setup instructions or tips for a smooth integration will be well appreciated.
Avatar of Mahesh
Mahesh
Flag of India image

You need to install Microsoft ADFS 2.0 \ 3.0 server in your on premise Active Directory and need to publish it on internet

Then your applications need to integrated with ADFS server
In applications, you need to configure ADFS as account provider (Identity Provider)
In ADFS, you need to configure applications as a Relying Party

Also you need to set HomeRealmDiscovery on corporate machines, so that whenever user access application url, it will forward that request to your ADFS server for authentication and ADFS will authenticate user with active directory, ideally it will ask user with logon prompt and user has to enter his AD username and password.

U can add ADFS server URL to intranet zone in IE on all client machines so that user will not be get username \ password prompt and it will pickup user existing logon as windows integrated authentication and user will get SSO experience

If you did not add ADFS server URL to intranet zone, user will initially prompted for username and password and that information will get cached on his machine to get kind of SSO experience

You can check your application manual \ settings on how to establish trust with ADFS

Only thing application must be ADFS aware (Claims aware - SAML 2.0 protocol support) because ADFS works on Claims and SAML protocol.

To configure ADFS on windows server
http://www.gunnalag.com/2014/06/18/step-by-step-guide-for-installing-and-configuring-adfs-3-0-on-windows-server-2012/
U will get MS documentation as well.

Check below URLs wrt Google Apps
http://www.huggill.com/2012/01/12/setting-up-google-apps-single-sign-on-sso-with-adfs-2-0-and-a-custom-sts-such-as-identityserver/
http://itlinkmaine.com/site/2013/07/google-apps-and-active-directory-federation-services/

There are numerous posts available on above topics
Before you jump through hoops ... are you looking to integrate SSO yourself or are you looking at a third party solution that would provide a single login screen for both Google Apps and Silk Road HR?
Avatar of jdff
jdff

ASKER

I plan to deploy adfs to integrate silkroad ride away but if there is any 3rd party solution to make things easier or to save time, i would consider it. Not very concerned about google apps at the present time since my project needs to move forward with silk road first.
If your application is claims aware (Supports SAML), then its not very hard to setup ADFS,
There is one 3rd party product I am aware.
https://www.okta.com/product/identity-management/single-sign-on.html
But I don't think its required.
I would also look at ClearLogin.
Avatar of jdff

ASKER

Hi Allen,
I did contact Clearlogin and we'll go for a demo now, if anyone has any other suggestions, please let me know. We are also strongly considering to deploy the solution ourselves as Mahesh has detailed.
SOLUTION
Avatar of Mahesh
Mahesh
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jdff

ASKER

Mahesh,
We have a 2008 STD R2 domain controller, should I deploy a secondary domain controller with Windows 2012 for this purpose?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial