Bypass SSO to log in automatically with ADFS authentication

Enabling Windows authentication for Symphony from Active Directory Federation Services (ADFS) lets you pass Windows credentials to single sign-on (SSO) for the Symphony app within your intranet.

To allow users to bypass SSO and log in automatically with ADFS authentication, follow these steps:

1. From Server Manager, select Tools and then select ADFS Management.

2. From the ADFS snap-in, select Authentication Policies (Figure 1):

Figure 1 Authentication Policies

3. In the Primary Authentication section, select Edit next to Global Settings (Figure 2): 

Figure 2 Edit

Note: You can also right-click Authentication Policies and then select Edit Global Primary Authentication, or, under the Actions pane, select Edit Global Primary Authentication.

4. In the Edit Global Authentication Policy window, select the Primary tab.

5. Enable the following checkboxes and select OK (Figure 3):

Figure 3 Edit Global Authentication Policy

6. Add Chrome as an agent in WIASupportedUserAgents.

7. Add a user agent string for Chrome in the ADFS configuration (Figure 4):

Set-AdfsProperties -WIASupportedUserAgents ((Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome")

Figure 4 Command

8. Confirm the user agent string for Chrome is now set in the ADFS properties (Figure 5 and Figure 6):

Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents

Figure 5 Command

Figure 6 Command

9. Add the domains to be whitelisted in the Symphony client so that it bypasses the SSO authentication. To enable this, set the following variables to the necessary SSO URL under the customFlags configuration in the Symphony configuration file (Figure 7):

  • authServerWhitelist
  • authNegotiateDelegateWhitelist

Figure 7 customFlags

Note: companyabc is the name of your pod.

For example, if your app is installed in C:\Program Files\Symphony, you will need to edit the Symphony.config file under the config sub-directory.

Additionally, you will need to set authServerWhitelist and authNegotiateDelegateWhitelist to the necessary SSO URL, for example:

 https://companyabc.com/sso 

Note: companyabc is the name of your pod.
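
A repeatable variant of the commands in steps 7 and 8, as an added example that is not part of the original article or Symphony's own tooling: it adds the Chrome token only when it is not already listed, keeps a copy of the previous list, and checks the result. The backup file path is an assumption; run it in an elevated PowerShell session on the ADFS server.

```powershell
# Added example: add 'Chrome' to WIASupportedUserAgents without duplicating it.
$agent = 'Chrome'   # the token this article adds in step 7

# Snapshot the current list so the change can be reviewed or rolled back.
$before = @((Get-AdfsProperties).WIASupportedUserAgents)
$backup = Join-Path $env:TEMP 'WIASupportedUserAgents.before.txt'   # hypothetical backup path
$before | Set-Content -Path $backup

# Exact, case-sensitive comparison: only skip when the same token is already listed.
if ($before -ccontains $agent) {
    Write-Host "'$agent' is already present; nothing to change."
}
else {
    Set-AdfsProperties -WIASupportedUserAgents ($before + $agent)
    Write-Host "Added '$agent'. Previous list saved to $backup."
}

# Verify (step 8): the token should now appear exactly once.
$after = @((Get-AdfsProperties).WIASupportedUserAgents)
$count = @($after | Where-Object { $_ -ceq $agent }).Count
if ($count -ne 1) {
    Write-Warning "Expected exactly one '$agent' entry, found $count."
}

# Show the resulting list for review.
$after
```

To roll back, pass the saved list to Set-AdfsProperties -WIASupportedUserAgents (Get-Content $backup).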

If you require further assistance with bypassing SSO to log in automatically with ADFS authentication, please contact the Symphony Support team at support@symphony.com.