Complete the steps in the following procedure to configure Single Sign-On (SSO) using the WS-Federation protocol. Kore also supports Security Assertion Markup Language (SAML) and OpenId Connect protocols. For more information, see Using Single Sign-On.
- In the Security module on the Single Sign On page in the Enterprise Admin Console, click Enable SSO.
- In the Select suitable Sign-On Protocol section, select WS-Federation.
- In the Configure SSO for WS-Federation section:
- On the Scope tab, select one of:
- All < My Domain Name > users
- Only managed < My Domain Name > users. For more information about managed users, see Working with Managed Users.
On the Configure tab, select an identity provider, and then define the settings for:
- Windows Azure®
- Azure AD Sign-On End Point URL - The URL that Kore sends sign on and sign off requests using Azure. The response for the authentication is sent to the Reply URL defined in your Azure Active Directory configuration settings.
- Azure AD Federation Metadata Document - The URL for the federation metadata document used for authentication with Azure Active Directory.
- AD Sign-On End Point URL - The URL that Kore sends sign on and sign off requests using your WS-Federation identity provider.
- AD Federation Metadata Document URL - The URL for the WS-Federation metadata document used for authentication with Active Directory.
In the administrative console for your Single Sign-On provider, you will also need to define the URLs that are used to exchange data between Kore and your SSO provider. While the URL names may vary by SSO provider, you will need to define these URLs:
- Assertion Consumer Service (ACS) URL or Callback URL as https://idp.kore.com/authorize/callback. In addition to authentication values, you must pass the email address of the user as an LDAP attribute from Active Directory when using ADFS. For more information, see Attributes for ADFS.
- Identity URL or Sign On URL as https://idp.kore.com.
The Identity Provider information successfully updated message is displayed at the top of the page. The following illustration shows the Single Sign On page with WS-Federation sign-on protocol selected: