MicroStrategy ONE

Configuring SharePoint to Work with ADFS

To use ADFS as your service provider for Microsoft SharePoint 2013 logins, you must configure ADFS to connect to SharePoint and provide authentication for users.

The following steps contain only the information required to configure or use Microsoft ADFS and Microsoft SharePoint 2013 with MicroStrategy Identity. See Microsoft's documentation for the latest information.

Configure your ADFS server and copy your ADFS SSL certificate to your Microsoft SharePoint 2013 server.

To Configure your Microsoft SharePoint Web Application to Work with ADFS

  1. On your Microsoft SharePoint server, open Central Administrator.
  2. Run the Microsoft SharePoint Management Shell as an administrator.
  3. To register your certificate with Microsoft SharePoint, enter the following sample code in the SharePoint Management Shell and replace the variables with the appropriate information for your environment:
    # Load the ADFS certificate that you copied to the SharePoint server
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\certs\ADFS2.cer")
    $map1 = New-SPClaimTypeMapping "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
    $map2 = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email Address" -SameAsIncoming
    $realm = "https://www.sharepointexample.com/_trust/"
    $signinurl = "https://www.adfsendpointexample.com/adfs/ls/"
    # Register ADFS as a trusted identity token issuer, with the email address as the identifier claim
    $ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS_USHERPOC" -Description "ADFS 2.0 Federated Server" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map1, $map2 -SignInUrl $signinurl -IdentifierClaim $map2.InputClaimType
    where:
    • C:\certs\ADFS2.cer is the location and file name of the ADFS SSL certificate that you copied to your SharePoint server.
    • https://www.sharepointexample.com/ is the URL for your SharePoint site.
    • https://www.adfsendpointexample.com/adfs/ls/ is the federation service endpoint URL.
  4. Create a new Microsoft SharePoint web application.
  5. Enter the appropriate information to create a new IIS web site.
  6. Under Security Configuration, select the following options:
    • Allow Anonymous - No
    • Use Secure Socket Layer (SSL) - Yes
    • Enable Windows Authentication
      • Integrated Windows authentication
        • From the drop-down list, select NTLM
  7. To manage your Microsoft SharePoint sites as a group, create a SharePoint site collection.
  8. To specify MicroStrategy Identity as the authentication provider for the Microsoft SharePoint site, specify the trusted identity provider that you created as the claims authentication type.
  9. To establish a trust relationship between Microsoft SharePoint and ADFS, create a new trust relationship and specify its name.
  10. Upload the ADFS security certificate as the Root Authority Certificate.
  11. To configure the URL that MicroStrategy Identity uses to communicate with Microsoft SharePoint, do the following:
    1. Log in to MicroStrategy Identity Manager.
    2. Under Web Application Login, click Add Apps next to the ADFS configuration that controls your Microsoft SharePoint instance.
    3. From the Select Application drop-down list, select SharePoint.
    4. You can change the image that is displayed on the login page. Next to the image preview, click Import an Icon. Select an image to display, then click Open.
    5. In the Enter Display Name field, enter a name to display on the login page. The name can be up to 30 characters.
    6. In the Application Login URL field, enter the URL to log in to Microsoft SharePoint.
    7. Click Done.
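
A read-only check that you can run in the SharePoint Management Shell after steps 3 and 10. It is an added example, not part of the MicroStrategy or Microsoft documentation. It confirms that the registered token issuer and the trusted root authority both hold the certificate you copied, and that the realm, sign-in URL, and identifier claim match what step 3 set. The function name Test-AdfsTrust and the 30-day expiry threshold are assumptions; the other defaults are the sample values from step 3.

```powershell
# Added example: verifies the trust from step 3 and the root authority from step 10.
# Defaults are the sample values used on this page; replace them for your environment.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-AdfsTrust {
    param(
        [string]$CertPath   = "C:\certs\ADFS2.cer",
        [string]$IssuerName = "ADFS_USHERPOC",
        [string]$Realm      = "https://www.sharepointexample.com/_trust/",
        [string]$EmailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        [int]$MinDaysValid  = 30   # assumed threshold, not from the page
    )

    $cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $issuer = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName -ErrorAction Stop
    # Root authorities whose certificate matches the file by thumbprint (step 10)
    $roots  = @(Get-SPTrustedRootAuthority |
                Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint })
    $now    = Get-Date

    $checks = [ordered]@{
        # Only the public certificate belongs on the SharePoint server
        "Certificate file carries no private key"      = (-not $cert.HasPrivateKey)
        "Certificate is already valid"                 = ($cert.NotBefore -le $now)
        "Certificate valid for $MinDaysValid more days" = ($cert.NotAfter -gt $now.AddDays($MinDaysValid))
        # The issuer must trust exactly the certificate that was reviewed and copied
        "Issuer signing certificate matches the file"  = ($issuer.SigningCertificate.Thumbprint -eq $cert.Thumbprint)
        "Root authority holds the same certificate"    = ($roots.Count -gt 0)
        "Realm matches the SharePoint _trust URL"      = ([string]$issuer.DefaultProviderRealm -eq $Realm)
        "Sign-in URL uses HTTPS"                       = (([uri]$issuer.ProviderUri).Scheme -eq "https")
        "Identifier claim is the email address"        = ($issuer.IdentityClaimTypeInformation.InputClaimType -eq $EmailClaim)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = [bool]$checks[$name] }
    }
}

Test-AdfsTrust | Format-Table -AutoSize
```

Any row with Passed set to False points to the step to revisit before users sign in through the new identity provider.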
