Windows ADFS Configuration for EasyTerritory

Enabling Single Sign-On

Configuring Azure Maps or Bing Maps

Overview

Configure Client-Side Layers

Configure Server-Side Layers

Security

Advanced Settings

Features by Layer Type

Setup Documentation

Overview:

EasyTerritory (version 3.76.00+) supports Windows ADFS using OpenID- Connect authentication protocol.  ADFS is a Single sign-on (SSO) feature that enables a user to login to the EasyTerritory application through ADFS sign-on page.  ADFS will authenticate the user using Active Directory credentials and direct them to EasyTerritory to access the application.

Advantages:

The advantages of leveraging Windows ADFS with your EasyTerritory application are:

– Simple streamlined SSO access to your EasyTerritory application through company’s Windows ADFS sign-on page.

– Strengthens security with users not needing to remember additional usernames and passwords.

– Ability for companies to control users’ access to EasyTerritory within their Active Directory.

– User’s detail information is stored in Active Directory not in EasyTerritory.

– Supports multi-factor authentication (MFA).

Prerequisites

– You will need to install ADFS on Windows 2016 or above.

Windows ADFS Configuration Steps:

1. On your Windows ADFS server, go into the ADFS Management Console

  • Click ‘Application Groups’ then ‘Add Application Group’

2. In the ‘Add Apllication Group Wizard’ enter the following:

  • Give the Application a friendly name.
  • Select ‘Web browser accessing a web application’

3. Click ‘Next’ and the following properties:

  • In ‘Redirect URI’ enter your EasyTerritory redirect URI. ie: https://apps.easyterritory.com/GUID/app/index.aspx

4. Click ‘Next’ and choose and access control policy (optional):

  • Select a group located in your Active Directory.
  • Please Note: users trying to browse to EasyTerritory that do not have permission to view the application will be automatically signed out.

EasyTerritory Configuration Steps:

1. With an EasyTerritory ‘Admin’ account into EasyTerritory go to the admin settings panel and set the following properties. https://apps.easyterritory.com/GUID/app/index.html#admin

  • Authority: https://adfs.DOMAIN.com/adfs
  • Client ID: your application group client id
  • Flag both ‘Use discoverty proxy’, ‘RP- initiated logout’, and ‘Suppress User Info?’
  • Save and when browsing to your EasyTerritory site you should be redirected to your ADFS sign on page.

For any questions or support please contact us! support@easyterritory.com