Configure SSO with Microsoft Active Directory
Before you configure user authentication by using Microsoft Active Directory, make sure you complete the following prerequisites:
Prerequisites
Download the AD FS Federation Metadata XML document from the AD FS management console
To configure SSO using Microsoft Active Directory, you need the Active Directory Federation Services (AD FS) Federation Metadata XML document. This document contains all the information required by the Calibo Accelerate platform to contact the AD FS server.
To download the federation metadata XML, do the following:
- Sign in to the AD FS server and open the management console.
- In the AD FS folder in the left pane, expand Services and click Endpoints.
- In the Metadata section, locate the entry of the type Federation Metadata with the URL path ending in /federationmetadata/2007-06/federationmetadata.xml. Copy this URL.
- Append your domain to the copied URL. The URL format should look like this:
  https://{domain-name}/federationmetadata/2007-06/federationmetadata.xml
- Paste the adjusted URL into a browser's address bar and press Enter.
- Download the file and save it to your computer.
To configure user authentication by using Microsoft Active Directory, do the following:
1. Configure Single Sign-on
In this section, you enable Single Sign-on (SSO) by providing the SAML configuration details of Microsoft Active Directory. This allows users to securely sign in to the Calibo Accelerate platform by using their existing credentials via SSO. Do the following:
Configure SSO details by using one of the following options:
Configure Manually
- Enter the following parameters manually:
  - Single Sign-on Service URL: The URL where authentication requests are sent.
  - Single Logout Service URL: The URL to handle single logout requests.
  - X.509 Certificate: The certificate that validates SAML messages from Microsoft Active Directory.
- Click Next.
Import from URL
- Enter the URL of the AD FS Federation Metadata XML file and click Import. Details such as your Single Sign-on Service URL, Single Logout Service URL, and X.509 Certificate are auto-populated after you import the XML file.
- Click Next.
Import from IdP Metadata File
- Upload the AD FS Federation Metadata XML document and click Import. Details such as your Single Sign-on Service URL, Single Logout Service URL, and X.509 Certificate are auto-populated after you import the document.
- Click Next.
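To cross-check the values that the import options auto-populate, or to obtain them for manual entry, you can read them straight from the downloaded Federation Metadata XML. The following is an added example, not Calibo or Microsoft code: the function names, the host adfs.example.test, and the placeholder certificate bytes are assumptions, as is the choice to prefer the HTTP-Redirect binding when several endpoints are listed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder host name and certificate bytes, not real AD FS values.
SAMPLE_CERT_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def endpoint(idp, tag):
    """Return the HTTP-Redirect Location for a service, else the first listed."""
    found = idp.findall(f"md:{tag}", NS)
    redirect = [el for el in found if el.get("Binding") == REDIRECT]
    chosen = (redirect or found or [None])[0]
    return None if chosen is None else chosen.get("Location")


def summarize_idp_metadata(xml_text):
    """Extract SSO URL, SLO URL and signing-certificate SHA-256 fingerprints."""
    # Expects a file from your own AD FS server; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not SAML IdP metadata")
    prints = [hashlib.sha256(base64.b64decode(c.text or "")).hexdigest()
              for kd in idp.findall("md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")  # unlabelled keys serve both uses
              for c in kd.iterfind(".//ds:X509Certificate", NS)]
    urls = {"sso_url": endpoint(idp, "SingleSignOnService"),
            "slo_url": endpoint(idp, "SingleLogoutService")}
    warnings = [f"{k} is missing or not HTTPS: {v}" for k, v in urls.items()
                if not (v or "").startswith("https://")]
    if not prints:
        warnings.append("no signing certificate found")
    return {"entity_id": root.get("entityID"), **urls,
            "cert_sha256": prints, "warnings": warnings}
```

Compare the reported fingerprint with the SHA-256 fingerprint of the token-signing certificate on the AD FS server before you rely on the imported values.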
2. Import/Add Users
You can either import users from Microsoft Active Directory via LDAP or manually add users to the platform. On the Import/Add users screen, do one of the following:
- Click Import Users
  On the Import/Add Users screen, click Import Users and then click Proceed.
  Note: Before you try importing users from Microsoft Active Directory, make sure you are connected to your enterprise Virtual Private Network (VPN).
- Provide LDAP Connection Details
  Enter the following details to establish the connection:
  - LDAP Server Address: The IP address or host name of your organization's LDAP server.
  - Bind DN: The Distinguished Name (DN) that is used to bind and authenticate with the LDAP server.
  - Bind Password: The password for the Bind DN.
- Test the LDAP Connection
  Click Test Connection to validate the connection details that you have configured. This ensures that Calibo Accelerate can communicate with your Active Directory and fetch user data.
- Configure & Import Users
  Click Configure & Import Users to proceed.
- Select Users to Add to the Platform
  A list of users imported from Microsoft Active Directory is displayed. Select the appropriate boxes for the users you want to add to the Calibo Accelerate platform. In the search box, you can search for a user by their name or email address. Additionally, you can apply a country filter to narrow down the results.
  After you select all the intended users, click Proceed. It's time to choose administrators.
To add users manually, do the following:
- On the Import/Add Users screen, click Add Users Manually, and click Next.
- On the Specify Your Domain screen, enter the domain name for which you have configured SSO.
  If you enter any other domain here, SSO for the Calibo Accelerate platform will fail.
- Click Proceed.
- On the Add Users to the Platform screen, click Add Users.
- In the side drawer, enter the user details, including their first name, last name, a valid email address, and select the country. Then, click Add.
- After you add all the intended users, click Next. It's time to choose administrators.
3. Select Administrators
- On the Select Administrators screen, in the search box, you see all the users that you added in the previous step. Start typing the name of the user you want to designate as a Tenant Administrator.
- After you select all the intended administrators, click Next.
4. Review Platform Users
The Platform Users screen displays the list of all the administrators and users you chose to add to the Calibo Accelerate platform in the previous steps. The details such as each user's name, email address, and country are displayed. The Status column indicates whether the user was successfully added or if there was an issue. In case of failure, review the error messages and take the necessary action.
You can go back to the previous screen to make any changes or click Configure to finish adding users to the Calibo Accelerate platform.
5. Create AD FS Relying Party Trust
After you click Configure in the previous step, the SSO configuration in the Calibo Accelerate platform interface is complete and the federation metadata file is available for download.
To complete the SSO configuration in Microsoft Active Directory, download and save the federation metadata XML file.
Create a relying party trust in the Active Directory Federation Services (AD FS) Management Console by using the downloaded XML file. This establishes a trust relationship between the Calibo Accelerate platform and your Active Directory Federation Services (AD FS) instance. This trust allows AD FS to authenticate users on behalf of the Calibo Accelerate platform. For more details, see Creating a Relying Party Trust in the AD FS Management Console.
6. Validate Single Sign-on
- After you create the AD FS relying party trust for the Calibo Accelerate platform successfully, on the screen from where you downloaded the federation metadata XML file, in the Validate Single Sign-on section, click Validate.
- This takes you to the Calibo Accelerate platform sign-in screen. Use SSO credentials for user authentication. After a successful authentication redirection and SSO validation, a success message is displayed.
- Return to the SSO configuration screen and click the Refresh icon to complete your SSO configuration.
- After you see the message confirming that your SSO validation is successful, click Finish to complete the configuration in the F24H wizard.
Note:
After you click Finish and exit the F24H wizard, the credentials that you used to sign in to the F24H wizard no longer work. The administrators that you selected in the earlier step can sign in to the Calibo Accelerate platform by using SSO credentials, add more users to the platform, and perform other administrative tasks.