Sign up

Please sign up using our signup page

Authentication

You can use either Azure AD or ADFS for logon authentication to your store.

Azure AD

If you want to use Azure AD, you need to supply the following information:

  • TenantId

How to find TenantId?

ADFS

For ADFS we need the following information.

  • ADFS Hostname (sts.example.com)
  • ADFS Thumbprint

How to find ADFS thumbprint?

If you plan to use ADFS you will need to create a relying party in your ADFS environment.

ADFS relying party trust

Active Directory Federation Services should run version 2.0 or later.

Relying party trust

WS-Federation Passive Endpoint

https://portal.zervicepoint.com/
https://portal.zervicepoint.com:20000/

Identifiers

https://portal.zervicepoint.com/
https://portal.zervicepoint.com:20000/
https://portal.zervicepoint.com:9900/ProcessSystem/

Required claims (LDAP)

Attribute                         Claim
SAM-Account-Name                  Name ID
E-mail-Addresses                  E-Mail
Display-Name                      Name
Token-Groups Unqualified names    Group

Create ADFS Relying Party Trust using PowerShell

# Must be run on the ADFS server
Import-Module ADFS

$Name = "Zervicepoint"

# Same values as the Identifiers list above, including the trailing slash.
$Identifier = @(
    "https://portal.zervicepoint.com/",
    "https://portal.zervicepoint.com:20000/",
    "https://portal.zervicepoint.com:9900/ProcessSystem/"
)

# LDAP claim rule: issues e-mail, common name, Name ID (sAMAccountName), name and group claims.
$IssuanceTransformRule = '@RuleTemplate = "LdapClaims"
    @RuleName = "LDAP"
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
        => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/claims/CommonName",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
        "http://schemas.xmlsoap.org/claims/Group"), query = ";mail,displayName,sAMAccountName,displayName,tokenGroups;{0}", param = c.Value);'

# Same values as the WS-Federation Passive Endpoint list above.
$WSFedEndpoint = "https://portal.zervicepoint.com/"
$AdditionalWSFedEndpoint = "https://portal.zervicepoint.com:20000/"

# "Permit everyone" lets every user who can authenticate to ADFS obtain a token for the portal.
# -AccessControlPolicyName is only available in AD FS 2016 or later.
$AccessControlPolicyName = "Permit everyone"

$Params = @{
    Name                    = $Name
    Identifier              = $Identifier
    IssuanceTransformRules  = $IssuanceTransformRule
    WSFedEndpoint           = $WSFedEndpoint
    AdditionalWSFedEndpoint = $AdditionalWSFedEndpoint
    AccessControlPolicyName = $AccessControlPolicyName
}
Add-AdfsRelyingPartyTrust @Params
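
The check below is an added example, not part of the original page or the vendor's tooling: it reads the relying party trust back, compares it with the identifiers, endpoints and claims listed above, and lists the token-signing certificate thumbprints. It assumes the trust name Zervicepoint from the script above, AD FS 2016 or later, and that the thumbprint requested under ADFS is that of the token-signing certificate.

```powershell
# Added example (not vendor code). Run on the AD FS server after creating the trust.
Import-Module ADFS
$Name = "Zervicepoint"
# Expected values copied from the lists on this page.
$ExpectedIdentifiers = @(
    "https://portal.zervicepoint.com/",
    "https://portal.zervicepoint.com:20000/",
    "https://portal.zervicepoint.com:9900/ProcessSystem/"
)
$ExpectedClaimTypes = @(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.xmlsoap.org/claims/Group"
)

$rp = Get-AdfsRelyingPartyTrust -Name $Name
if (-not $rp) { throw "Relying party trust '$Name' not found." }
$problems = @()
if (-not $rp.Enabled) { $problems += "Trust is disabled." }

# Compare identifiers in both directions (trailing slash normalised), so a
# missing entry and an extra, unexpected entry are both reported.
$want = @($ExpectedIdentifiers | ForEach-Object { $_.TrimEnd('/') })
$have = @($rp.Identifier | ForEach-Object { $_.TrimEnd('/') })
foreach ($id in $want) { if ($have -notcontains $id) { $problems += "Missing identifier: $id" } }
foreach ($id in $have) { if ($want -notcontains $id) { $problems += "Unexpected identifier: $id" } }

# Tokens should only be posted to HTTPS endpoints on the portal host.
$endpoints = @(@($rp.WSFedEndpoint) + @($rp.AdditionalWSFedEndpoint) | Where-Object { $_ })
if ($endpoints.Count -eq 0) { $problems += "No WS-Federation endpoint configured." }
foreach ($ep in $endpoints) {
    $uri = [uri]$ep
    if ($uri.Scheme -ne 'https' -or $uri.Host -ne 'portal.zervicepoint.com') { $problems += "Unexpected endpoint: $ep" }
}

# Match each claim type with its quotes, so ".../name" is not satisfied by ".../nameidentifier".
foreach ($type in $ExpectedClaimTypes) {
    if ($rp.IssuanceTransformRules -notlike "*`"$type`"*") { $problems += "Claim type not issued: $type" }
}

# Token-signing certificates: thumbprint, primary flag and expiry.
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
    Select-Object Thumbprint, IsPrimary, @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } }

[pscustomobject]@{
    Trust               = $rp.Name
    AccessControlPolicy = $rp.AccessControlPolicyName
    Problems            = $problems
    TokenSigningCerts   = $signing
} | Format-List
```

An empty Problems list means the trust matches the values on this page; the NotAfter column shows when the token-signing certificate, and with it the thumbprint, is due to change.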

Next steps

Things to do next.