EasyTerritory (version 3.76.00+) supports Windows ADFS using the OpenID Connect authentication protocol. ADFS is a single sign-on (SSO) feature that enables a user to log in to the EasyTerritory application through the ADFS sign-on page. ADFS will authenticate the user using Active Directory credentials and direct them to EasyTerritory to access the application.
The advantages of leveraging Windows ADFS with your EasyTerritory application are:
– Simple, streamlined SSO access to your EasyTerritory application through your company’s Windows ADFS sign-on page.
– Strengthens security because users do not need to remember additional usernames and passwords.
– Ability for companies to control users’ access to EasyTerritory within their Active Directory.
– Users’ detailed information is stored in Active Directory, not in EasyTerritory.
– Supports multi-factor authentication (MFA).
Please Note: you will need to install ADFS on Windows 2016 or above.
Windows ADFS Configuration Steps:
1. On your Windows ADFS server, go into the ADFS Management Console
Click ‘Application Groups’ then ‘Add Application Group’
2. In the ‘Add Application Group Wizard’ enter the following:
Give the Application a friendly name.
Select ‘Web browser accessing a web application’
3. Click ‘Next’ and enter the following properties:
In ‘Redirect URI’ enter your EasyTerritory redirect URI, e.g.: https://apps.easyterritory.com/GUID/app/index.aspx
4. Click ‘Next’ and choose an access control policy (optional):
Select a group located in your Active Directory.
Please Note: users trying to browse to EasyTerritory that do not have permission to view the application will be automatically signed out.
EasyTerritory Configuration Steps:
1. Log into EasyTerritory with an ‘Admin’ account, go to the admin settings panel and set the following properties. https://apps.easyterritory.com/GUID/app/index.html#admin
Client ID: your application group client id
Flag all of ‘Use discovery proxy’, ‘RP-initiated logout’, and ‘Suppress User Info?’
Save. When browsing to your EasyTerritory site, you should be redirected to your ADFS sign-on page.
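
Before flagging ‘RP-initiated logout’, it is worth confirming that the OpenID Connect discovery metadata published by your ADFS server advertises a logout endpoint and that every endpoint is HTTPS on the ADFS host. The following is an added example, not part of EasyTerritory or ADFS; the host adfs.example.com, the constructed sample metadata and the function name check_metadata are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample, shaped like the metadata AD FS serves at
# https://<adfs-host>/adfs/.well-known/openid-configuration (host is a placeholder).
SAMPLE_METADATA = {
    "issuer": "https://adfs.example.com/adfs",
    "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.com/adfs/discovery/keys",
    "end_session_endpoint": "https://adfs.example.com/adfs/oauth2/logout",
    "scopes_supported": ["openid", "profile", "email"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_metadata(meta, adfs_host, rp_initiated_logout=True):
    """Return a list of problems; an empty list means the metadata looks sane."""
    problems = []
    # RP-initiated logout needs a published end_session_endpoint.
    required = ENDPOINTS + (("end_session_endpoint",) if rp_initiated_logout else ())
    issuer = urlsplit(meta.get("issuer", ""))
    if issuer.scheme != "https" or issuer.hostname != adfs_host:
        problems.append("issuer is not https://%s/..." % adfs_host)
    for key in required:
        url = urlsplit(meta.get(key, ""))
        if not url.netloc:
            problems.append("%s is missing" % key)
        elif url.scheme != "https":
            problems.append("%s is not HTTPS" % key)
        elif url.hostname != adfs_host:
            # Assumption: all endpoints live on the federation service host.
            problems.append("%s points at unexpected host %s" % (key, url.hostname))
    if "openid" not in meta.get("scopes_supported", []):
        problems.append("openid scope is not advertised")
    algs = meta.get("id_token_signing_alg_values_supported", [])
    if not algs or "none" in algs:
        problems.append("ID tokens may be unsigned")
    return problems


if __name__ == "__main__":
    for line in check_metadata(SAMPLE_METADATA, "adfs.example.com") or ["OK"]:
        print(line)
```

To check a live server, save its discovery document to a file, load it with json.load and pass the resulting dictionary in place of SAMPLE_METADATA.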