ADFS

You already use Active Directory Federated Services to conveniently manage permissions to applications; now you can also use it to manage permissions to your databases. Gain complete control and transparency over access to your data everywhere.

Note: Screenshots are from Windows Server 2016

Important: Your ADFS server will need a valid TLS certificate.

  1. Create an application group: Under Application Groups, add a new application group. In the application group wizard, select Server application accessing a web API, provide a name and click Next.

    "ADFS Admin"

  2. Configure server application redirect URI: Save the Client Identifier; you will need it in the following steps. Add the following redirect URI:

    https://app.strongdm.com/auth/return

    "Configure identifiers"

  3. Configure Application Credentials: Check Generate a shared secret and save the secret for later.

    "Configure credentials"

  4. Configure Web API client identifier: Add the Client Identifier you saved in step 2.

    "Configure credentials"

  5. Configure application permissions: Check the items shown in the screenshot.

    "Configure credentials"

  6. Review settings: Review the settings overview and click Next.

    "Configure credentials"

  7. Enable login by email instead of UPN: By default, strongDM matches your login email address against the UPN returned by ADFS. If you would prefer to match on email, edit the Web API and add the transformation rule shown below:

    "Configure credentials"

  8. Enable ADFS in strongDM: In the strongDM app, go to “Settings” -> Authentication, click “click to make changes”, then select Active Directory from the drop-down menu. Add your client details as shown and click Activate.

    "Configure ADFS in strongDM"

  9. If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.
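The ADFS side of steps 1 through 7 can also be done from PowerShell on the ADFS server, which is easier to review and repeat than clicking through the wizard. The script below is an added example, not strongDM's or Microsoft's own code: the group and application names, the scope list granted in step 5 (the page only shows it in a screenshot) and the claim type issued by the step 7 rule are assumptions. The redirect URI is the one from step 2. The shared secret is returned only once by `Add-AdfsServerApplication`; it is kept in a variable here and never echoed, and should go straight into your secret store before you continue with step 8.

```powershell
# Added example (not from the strongDM page): ADFS steps 1-7 as PowerShell.
# Run in an elevated session on the ADFS server. Names, scope list and the
# claim type in the issuance rule are assumptions, not values from the page.
Import-Module ADFS

$groupName   = 'strongDM'                               # assumed group name
$redirectUri = 'https://app.strongdm.com/auth/return'   # from step 2 on the page
$clientId    = [guid]::NewGuid().ToString()             # the "Client Identifier" of step 2

# Step 1: create the application group.
New-AdfsApplicationGroup -Name $groupName -Description 'strongDM SSO' | Out-Null

# Steps 2-3: server application with the redirect URI and a generated shared secret.
# The secret is only available in the returned object; it cannot be read back later.
$serverApp = Add-AdfsServerApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName server application" -Identifier $clientId `
    -RedirectUri $redirectUri -GenerateClientSecret
$clientSecret = $serverApp.ClientSecret   # hand to step 8 via your secret store, not the console

# Step 4: web API whose identifier is the same client identifier.
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName web API" -Identifier $clientId `
    -AccessControlPolicyName 'Permit everyone' | Out-Null

# Step 5: application permissions (OAuth scopes). The page shows the checked items
# only in a screenshot; openid/email/profile is an assumed set.
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId -ScopeNames 'openid','email','profile'

# Step 7 (optional): issuance transform rule on the web API that looks up the user's
# AD mail attribute and issues it as the UPN claim, so the value strongDM matches
# against is the email address. Issuing it as UPN is an assumption.
$emailAsUpnRule = @'
@RuleName = "Email as UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";mail;{0}", param = c.Value);
'@
Set-AdfsWebApiApplication -TargetIdentifier $clientId -IssuanceTransformRules $emailAsUpnRule

# Step 6: review what was created before moving to the strongDM side (step 8).
Get-AdfsApplicationGroup -Name $groupName | Format-List Name, ApplicationGroupIdentifier
Get-AdfsApplicationPermission -ClientRoleIdentifiers $clientId |
    Format-Table ServerRoleIdentifier, ScopeNames
"Client Identifier for step 8: $clientId"
```

After running it, the values step 8 asks for are `$clientId` and the secret stored from `$clientSecret`. If you later change the claim rule, `Get-AdfsWebApiApplication -Identifier $clientId` shows the rule set currently in force, which is the first place to look when an email-based login stops matching.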