ADFS Integration
Customer IT / SpaceIQ Onboarding Team
SpaceIQ supports integration with the ADFS (Active Directory Federation Services). This details how to configure the ADFS integration for SpaceIQ.
It is not possible to import (or pull) new users or profile updates from within SpaceIQ. The information must be pushed from ADFS.
Content
Prerequisites
- You will need ADFS with administration privileges to complete this integration and for the SiQ setup, you must have a SiQ Admin or an IT role.
Set SSO Using SAML for SpaceIQ
This section describes how to set up SSO using SAML (Security Assertion Markup Language) (SAML), so your users can use their ADFS credentials to sign in to the SpaceIQ Web App.
For more information on ADFS, see their documentation.
Step 1. Find the ADFS Identity Provider (IdP) information
From the ADFS Console, complete the following:
- Sign in to ADFS application admin panel as an Administrator.
- Locate and copy the following:
- Copy Issuer URL and paste into Step 2's SAML Identify Provider Issuer field.
- Copy the X.509 certificate and paste it into Step 2's X.509 Certificate field.
Leave the admin panel open.
Step 2. Active the ADFS Integration in SpaceIQ
From the SpaceIQ application, complete the following steps:
- In the top-right corner, click on your Profile Name, and then click on Settings.
- From the left menu, click Integrations.
- From the Third Party Integrations area, click the READ MORE link. The Integrations screen displays.
You can search for ADFS in the Search field or navigate to the ADFS tile. To navigate, complete the following:
- From the left menu, click Provisioning & SSO.
- For ADFS, click the Activate button.
The ADFS dialog displays and contains the SSO tab.
Complete the following:
- In the SAML Identify Provider Issuer field, enter the URL from the ADFS application admin panel from Step 1.
- In the X.509 Certificate field, enter the certificate you downloaded from Step 1.
Step 3. Complete the SSO Configuration in ADFS
Complete the ADFS integration fields:
- Copy the SAML Assertion Consumer Endpoint and paste it into your ADFS SAML Assertion Consumer Endpoint field.
- Copy the SAML Relay Part Identifier and paste it into your ADFS Relay Party Identifier field.
- In the ADFS Portal URL field, paste in the Application Home URL from your ADFS application admin panel.
- Optional - In the SSO Redirect URL (SpaceIQ Portal) field, paste the SSO URL from your ADFS application admin panel.
- Paste the signature algorithm method in the Signature Method Algorithm field (None, SHA1, SHA2, SHA512).
- In the Enable Just-in-Time Provisioning field, enter in either true or false.
- Click the Activate button.