Specifying Active Directory Federation Services (ADFS) as Your Service Provider

Microsoft Exchange and Microsoft SharePoint instances that can be accessed with MicroStrategy Identity must be controlled through a service provider, such as Microsoft Active Directory Federation Services (ADFS).

Specify ADFS as your service provider, and then download the Identity metadata to connect MicroStrategy Identity to your ADFS instance.

To Specify ADFS as your Service Provider and Download the MicroStrategy Identity Metadata

1. Log into MicroStrategy Identity Manager.
2. Click Logical Gateways.
   
3. Under Web Application Login, click More, then click ADFS.
4. To change the ADFS icon and the display name that appear in MicroStrategy Identity Manager, do the following:
   • To change the icon that appears in the list of web applications in MicroStrategy Identity Manager, under Choose Display Icon, click Import An Icon. Select an icon to display and click Open.
   • To change the display name that appears in the list of web applications in MicroStrategy Identity Manager, enter a new display name in the Enter Display Name field. The display name can be up to 30 characters.
5. If the users in your Identity Network are added from Microsoft Active Directory, you can enable users to sign in to Microsoft Exchange and Microsoft SharePoint by typing their Active Directory user name and password, rather than scanning a QR code. For example, if not all users in your network have access to a smartphone, you can enable users to sign in with their user name and password. To do this, select the Enable user name and password as a login option check box.
6. In the Assertion consumer service URL field, type the ADFS remote sign URL, such as https://machine_name/adfs/ls, where machine_name is your AD FS server location.
7. In the Service provider ID field, type the ADFS identity provider URL, such as http://machine_name/adfs/services/trust, where machine_name is your ADFS server location.
8. To specify the web page that you want to send users to when they log out of Microsoft Exchange or Microsoft SharePoint, click Advanced Settings, then type the URL in the Redirect on Logout URL field. By default, users are directed to your organization's ADFS identity provider URL.
9. If the users in your network log in to the Microsoft SharePoint or Microsoft Exchange through the MicroStrategy Identity single sign-on web portal, you can provide additional SAML parameters to support this. See your web application's third-party documentation for information about required parameters for identity-provider-initiated logins.
   Click Advanced Settings, then select from the following:
   • To specify the URL that users are directed to when they log in (the SAML 2.0 RelayState parameter), enter the URL in the Relay State field. By default, users are directed to your organization's AD FS identity provider URL.
   • If your service provider requires a SPNameQualifier attribute for the NameID parameter, enter this value in the Assertion Subject NameID field.
   • By default, MicroStrategy Identity specifies an authentication context (AuthnContext) value of Password. To specify a different value, select the value from the Assertion AuthnContext drop-down list.
10. Click Create.
11. To download the metadata that enables Identity functionality with ADFS, click Download Metadata. Depending on your browser, you may need to navigate to a location to save the plug-in, then click Save.
12. Copy the metadata file to a location on your ADFS server, then import the metadata file to your ADFS server.
13. When you are finished, return to MicroStrategy Identity Manager and click Done.
14. You can configure a specific application, such as Microsoft Exchange or Microsoft SharePoint, to work with MicroStrategy Identity. Click Yes, then follow the steps in the relevant topic below:
    • Configuring Exchange to Work with ADFS
    • Configuring SharePoint to Work with ADFS

Related Topics

Configuring ADFS on a Server

Signing in to MicroStrategy Identity-Enabled Web Applications from a Centralized Website