SSO with ADFS
You already use Active Directory Federated Services (ADFS) to conveniently manage permissions to applications; now you can also use it to manage permissions to your databases. Gain complete control and transparency over access to your data everywhere.
Screenshots are from Windows Server 2016
Your ADFS server will need a valid TLS certificate.
Create an application group: Within Application Groups, add a new application group. From the application group wizard select:
Server application accessing a web API. Provide a name and click next.
Configure server application redirect URI: Save the Client Identifier; you will need this in the following steps. Add the following redirect URI:
Configure Application Credentials: Check
Generate a shared secretand save this for later.
Configure Web API client identifier: Add the Client Identifier you saved from the previous step.
Configure application permissions: Check the items shown in the screenshot.
Review settings: Review the settings overview and click next.
Enable login by email instead of UPN: By default strongDM will match your login email address to the UPN returned by ADFS. If you would prefer to use email, edit the Web API and add the following transformation rule:
Enable ADFS in in strongDM: In the strongDM app, go to "Settings" -> Authentication, click click to make changes, then select Active Directory from the drop-down menu. Add your client details as shown and click activate.
If any errors occur or if the integration fails in any way, please contact firstname.lastname@example.org for assistance.