Setting up single sign-on using Active Directory with ADFS and SAML
ProProfs Knowledge Base supports single sign-on (SSO) logins through SAML 2.0. By saying single sign-on (SSO), it means your knowledge base users can log in to their account by using the same credentials they’re using to log on to their computer. They don’t need to remember separate login details for the Knowledge base.
A SAML 2.0 identity provider (IDP) can take many forms, one of which is a self-hosted Active Directory Federation Services (ADFS) server. ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials.
To use ADFS to log in to your ProProfs Knowledge base, you need the following components:
- An Active Directory instance where all users have an email address attribute.
- A Knowledge base subscription on the Enterprise plan.
- You should have users in the Knowledge base using the same emails that were attributed in Active Directory. Authenticated users will uniquely identify using their email addresses. Here is how you can set up users in the ProProfs Knowledge base. Feel free to set up just one or two users during testing.
- A server running Microsoft Server 2012 or 2008. This guide uses screenshots from Server 2012R2, but similar steps should be possible on other versions.
Step 1 - Adding a Relying Party Trust
At this point, you should be ready to set up the ADFS connection with your ProProfs Knowledge base. The connection between ADFS and ProProfs is defined using a Relying Party Trust (RPT).
1. Select ADFS Management from the Tools menu.
Step 2 - Creating Claim Rules
Once the relying party trust has been created, you can create the claim rules and update the RPT with minor changes that aren't set by the wizard.
1. Select the Relying Party Trust we’ve just added and then click Edit Claim Rules…
2. To create a new rule, click on Add Rule inside the Issuance Transform Rules.
3. Create a Send LDAP Attributes as Claims rule.
4. On the next screen, using Active Directory as your attribute store, do the following:
1. From the LDAP Attribute column, select E-Mail Addresses.
2. From the Outgoing Claim Type, select E-Mail Address.
5. Click on OK to save the new rule.
6. Create another new rule by clicking Add Rule, this time selecting Transform an Incoming Claim as the template.
7. On the next screen:
1. Select E-mail Address as the Incoming Claim Type.
2. For Outgoing Claim Type, select Name ID.
3. For Outgoing Name ID Format, select Email.
Leave the rule to the default of Pass through all claim values.
8. Finally, click OK to create the claim rule, and then OK again to finish creating rules.
9. Your claim rules will appear like that.
Step 3 - Configuring ProProfs Knowledge Base
After setting up ADFS, you need to configure your ProProfs Knowledge base to authenticate using SAML. For now, we have configured your account on your behalf to get started quickly. Later, we'll give you a completed option to customize.
Step 4 - Testing Single Sign-On
You should now have a working ADFS SSO implementation for your ProProfs Knowledge base. To test this setup, open the ProProfs Knowledge Base login page and enter any user email (and no password). Make sure that the email that you're entering should be available in both Active Directory and ProProfs Knowledge Base.
After pressing Login, you will notice your most friendly Active Directory login screen.
Enter required login credentials (same email and password associated with that domain user). Once authenticated, you will be logged in to your ProProfs Knowledge Base account with appropriate user permissions.