
Overview

To integrate your Enterprise subscription with your corporate ADFS, carry out the configuration steps described in this section.

Note that these are done only once, typically by an admin user of your Enterprise subscription having access to your ADFS system.

 

Once these steps are carried out, signing in to Modeler Collaboration Services directly via your ADFS is done as described at Signing in with a corporate e-mail.

 

Prerequisites

Before you get started, ensure that your ADFS system complies with these Modeler Collaboration Services requirements:

1. ADFS version 3.0 is supported.

2. The ADFS must be accessible via a public URL, using a valid server certificate (supporting HTTPS through a certificate which is issued by a CA).

 

What you need to do

The configuration needed to sign in with ADFS consists of these steps:

 

1. Create the relying party trust with Modeler Collaboration Services.

2. Communicate with cloud@bizagi.com for next steps.

 

Configuration

Follow these steps to integrate Bizagi Modeler Services with your ADFS:

 

1. Create the relying party trust with Modeler Collaboration Services.

To set the trust relationship between Modeler Collaboration Service (the relying party) and your ADFS, create a relying party trust as presented below.

 

1.1 Launch the creation of a relying party trust by clicking Add a trusted relying party.

 


 

Click Start.

 

1.2. Select the Enter data about the relying party manually option to specify the data source.

 


 

Click Next.

 

1.3. Specify the display name and a meaningful description as well.

 


 

Click Next.

 

1.4. Choose the newest AD FS profile supporting SAML 2.0:

 


 

Click Next.

 

1.5. Configure the certificate for token encryption purposes as an additional security measure (optional).

You may choose to skip this step and click Next.

 


 

1.6. Configure the URL by ticking the Enable support for the WS-Federation protocol option.

Specify the URL address of your Modeler Collaboration Services.

 


 

Click Next.

 

1.7. Configure the identifiers by using the same URL specified above.

This URL should appear under the identified/valid URLs.

Should you need to input another URL with a different identifier, enter this URL and use the Add button.

 


 

Click Next.

 

1.8. Configure the Issuance authorization rules by choosing the Permit all users to access this relying party option.

 


 

Click Next.

 

1.9. Review the configuration.

Browse the summary of all configuration carried out for this relying party trust.

When done and completely sure that you do not need changes, click Next.

 


 

1.10. Create the Claim rules for this trust by ticking the Open the Edit claim rules dialog for this relying party trust when the wizard closes option.

This way, upon trust creation you will immediately create a claim rule and finish up the configuration.

 


 

Click Close.

 

1.11. Create a claim rule by using the Add Rule... button.

You will need to ensure that you can send UPN, E-mail address and Name as information within the claim that is passed onto the Modeler Collaboration Services.

 

For instance, you may create a new claim rule by choosing the Send LDAP Attributes as Claims template:

 


 

Click Next.

 

1.12. Configure the rule by giving it a name, and explicitly including:

- Attribute store: Attribute Directory.

- Mapping of LDAP Attributes to outgoing claim types, including:

  - User-Principal-Name mapped to the UPN.

  - E-mail-Addresses mapped to the E-mail Address.

  - Common-Name mapped to the Name.

 

 


 

Click Finish.

You should have a registered claim rule for your specific relying party configuration.

Once you have verified this is correct, click OK.
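
The relying party trust built in steps 1.1 to 1.12 can also be created and checked from PowerShell on the AD FS server, which makes the configuration repeatable and easy to review. This is an added example, not part of the original Bizagi documentation; the name, notes and URL are placeholders, and it assumes the built-in Active Directory attribute store.

```powershell
# Added example (not Bizagi's own script). Run on the primary AD FS server.
# $rpName, $rpNotes and $rpUrl are placeholders for your own values.
$rpName  = 'Modeler Collaboration Services'
$rpNotes = 'WS-Federation trust for Modeler Collaboration Services'
$rpUrl   = 'https://modeler.example.com/'   # placeholder, not a real endpoint

# Step 1.8: "Permit all users to access this relying party".
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 1.11-1.12: send UPN, E-mail Address and Name from LDAP attributes.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN, E-mail Address and Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";userPrincipalName,mail,cn;{0}", param = c.Value);
'@

# Steps 1.1-1.7: create the trust; the same URL is used as the
# WS-Federation endpoint (1.6) and as the identifier (1.7).
# Step 1.5 (token encryption certificate) is optional and skipped here.
Add-AdfsRelyingPartyTrust -Name $rpName `
    -Notes $rpNotes `
    -Identifier $rpUrl `
    -WSFedEndpoint $rpUrl `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Step 1.9: review what AD FS actually stored.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
$rp | Format-List Name, Enabled, Identifier, WSFedEndpoint, EncryptionCertificate, IssuanceTransformRules

# Check that each claim type required in step 1.11 is present in the stored rule.
foreach ($claim in 'claims/upn', 'claims/emailaddress', 'claims/name') {
    if ($rp.IssuanceTransformRules -notlike "*$claim*") {
        Write-Warning "Missing outgoing claim type: $claim"
    }
}
```

Keeping the script under version control gives you a record of exactly which claims and authorization rule were issued to this relying party.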

 

2. Communicate with cloud@bizagi.com for next steps.

For this step, send an e-mail to cloud@bizagi.com to share certain information so that the integration is successful.

Among the information you will need to include, consider sending the full list of users that will be entitled to access Bizagi Modeler Services through the integrated authentication.

 

The full list of users should be sent in an Excel file, including these columns:

Given name

Surname

E-mail address

Job title

Manager's e-mail address

Enabled (specified as 1 for true, 0 for false).

Country code

State/Province

City