Sign up

Please enter your email and sign up using the following link.

During the signup you will need to provide the following details:

  • StoreName (https://portal.zervicepoint.com/StoreName)
  • StoreAdministratorEmail

Important

By default, we first provision a temporary account for you in a shared ADFS environment, so that you can log in to zervicepoint before you have prepared ADFS/Azure AD. This is only intended for you to get started and explore zervicepoint.

Warning

If you don't update the ADFS/Azure AD User Authentication settings, you may be locked out after a few days.

Authentication

You can use either Azure AD or ADFS for logon authentication to your store.

Azure AD

If you want to use Azure AD, you need to supply the following information:

  • TenantId

How to find TenantId?

ADFS

For ADFS we need the following information.

  • ADFS Hostname (sts.example.com)
  • ADFS Thumbprint

How to find ADFS thumbprint?

If you plan to use ADFS you will need to create a relying party in your ADFS environment.

ADFS relying party trust

Active Directory Federation Services should run version 2.0 or later.

Relying party trust

WS-Federation Passive Endpoint

https://portal.zervicepoint.com/
https://portal.zervicepoint.com:20000/

Identifiers

https://portal.zervicepoint.com/
https://portal.zervicepoint.com:20000/
https://portal.zervicepoint.com:9900/ProcessSystem/

Required claims (LDAP)

| Attribute | Claim |
|---|---|
| SAM-Account-Name | Name ID |
| E-mail-Addresses | E-Mail |
| Display-Name | Name |
| Token-Groups Unqualified names | Group |

Create ADFS Relying Party Trust using PowerShell

# Must be run on ADFS Server
# For ADFS on Windows Server 2016
Import-Module ADFS

$Name = "Zervicepoint"
$Identifier = @(
    "https://portal.zervicepoint.com/",
    "https://portal.zervicepoint.com:20000",
    "https://portal.zervicepoint.com:9900/ProcessSystem/"
)
$IssuanceTransformRule = '@RuleTemplate = "LdapClaims"
    @RuleName = "LDAP"
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer =="AD AUTHORITY"]
        => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/claims/CommonName",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
        "http://schemas.xmlsoap.org/claims/Group"), query = ";mail,displayName,sAMAccountName,displayName,tokenGroups;{0}", param = c.Value);'

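# WS-Federation passive endpoints the token is posted back to
$WSFedEndpoint = "https://portal.zervicepoint.com"
$AdditionalWSFedEndpoint = "https://portal.zervicepoint.com:20000"
# Built-in policy: every user who can authenticate to ADFS is issued a token for this trust
$AccessControlPolicyName = "Permit everyone"

$TrustParameters = @{
    Name                    = $Name
    Identifier              = $Identifier
    IssuanceTransformRules  = $IssuanceTransformRule
    WSFedEndpoint           = $WSFedEndpoint
    AdditionalWSFedEndpoint = $AdditionalWSFedEndpoint
    AccessControlPolicyName = $AccessControlPolicyName
}
Add-AdfsRelyingPartyTrust @TrustParameters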
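
One way to check the trust after it has been created, as an added example that is not part of the Zervicepoint documentation. It compares the trust with the identifier and claim lists on this page and reports the access control policy; that the thumbprint requested at signup belongs to the primary token-signing certificate is an assumption.

```powershell
# Added example (not from the Zervicepoint documentation). Run on the ADFS server.
Import-Module ADFS

# Expected values copied from the lists on this page.
$Name = "Zervicepoint"
$ExpectedIdentifiers = @(
    "https://portal.zervicepoint.com/",
    "https://portal.zervicepoint.com:20000/",
    "https://portal.zervicepoint.com:9900/ProcessSystem/"
)
$ExpectedClaimTypes = @(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.xmlsoap.org/claims/Group"
)

$rp = Get-AdfsRelyingPartyTrust -Name $Name
if (-not $rp) { throw "Relying party trust '$Name' was not found." }

$problems = @()
if (-not $rp.Enabled) { $problems += "Trust is disabled" }

# The list and the script on this page differ by a trailing slash,
# so identifiers are compared with trailing slashes removed.
$actual   = @($rp.Identifier | ForEach-Object { $_.TrimEnd('/') })
$expected = @($ExpectedIdentifiers | ForEach-Object { $_.TrimEnd('/') })
foreach ($d in (Compare-Object -ReferenceObject $expected -DifferenceObject $actual)) {
    $kind = if ($d.SideIndicator -eq '<=') { "Missing" } else { "Unexpected" }
    $problems += "$kind identifier: $($d.InputObject)"
}

# Each required claim type must appear, quoted, in the issuance transform rules.
foreach ($type in $ExpectedClaimTypes) {
    if ($rp.IssuanceTransformRules -notlike "*`"$type`"*") {
        $problems += "Claim type not issued: $type"
    }
}

# Assumption: the "ADFS Thumbprint" asked for at signup is the primary token-signing certificate's.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary

[pscustomobject]@{
    Trust                  = $rp.Name
    AccessControlPolicy    = $rp.AccessControlPolicyName  # "Permit everyone" admits any authenticated user
    WSFedEndpoint          = $rp.WSFedEndpoint
    TokenSigningThumbprint = $signing.Thumbprint
    Problems               = $problems
} | Format-List
```

An empty Problems field means the trust matches the values listed on this page.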

Next steps

Things to do next.

  • Plan for worker deployment
  • Install worker