Enabling Windows authentication for Symphony from Active Directory Federation Services (ADFS) allows you to pass Windows credentials to single sign-on (SSO) for the Symphony app within your intranet.
To allow users to bypass SSO and log in automatically with ADFS authentication:
- In Server Manager, select Tools > AD FS Management.
- Under AD FS, select Authentication Policies.
- In the Primary Authentication section:
  - Select Edit next to Global Settings, or
  - Right-click Authentication Policies, then select Edit Global Primary Authentication and Edit Global Primary Authentication under the Actions pane.
- In the Edit Global Authentication Policy window, select the Primary tab.
- Enable the following checkboxes and select OK.
- Add Chrome as an agent in WIASupportedUserAgents.
  - Add a user agent string for Chrome in the ADFS configuration.
    Set-AdfsProperties -WIASupportedUserAgents ((Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents) + "Chrome")
  - Confirm the user agent string for Chrome is now set in the ADFS properties.
    Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents
- Add the domains to be whitelisted from the Symphony client to bypass the SSO authentication. To enable this, set the following variables to the necessary SSO URL under the customFlags configuration in the Symphony configuration file:
  - authServerWhitelist
  - authNegotiateDelegateWhitelist
For example, if your app is installed in C:\Program Files\Symphony, you will need to edit the Symphony.config file under the config sub-directory.
Additionally, you will need to set authServerWhitelist and authNegotiateDelegateWhitelist to the necessary SSO URL, for example:
https://companyabc.com/sso
where companyabc is the name of your Symphony instance.
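The Set-AdfsProperties command in the WIASupportedUserAgents step appends "Chrome" each time it runs, so a repeated run leaves a duplicate entry. The following added example (not from the original page or from Symphony) saves the current list first and appends the token only when it is missing; the backup path and variable names are assumptions.

```powershell
# Added example, not from the original page.
# Run in an elevated PowerShell session on the primary AD FS server.

$agent = 'Chrome'   # user agent token taken from the page's command

# Current list of user agent substrings for which AD FS attempts
# Windows Integrated Authentication (WIA).
$current = @((Get-AdfsProperties).WIASupportedUserAgents)

# Save the list before changing it so the change can be reverted.
# The backup location is an assumption; pick one that suits your environment.
$backup = Join-Path $env:TEMP 'WIASupportedUserAgents.before.txt'
$current | Set-Content -Path $backup
Write-Output "Saved $($current.Count) existing entries to $backup"

# Append only when the token is missing (-contains is case-insensitive).
if ($current -contains $agent) {
    Write-Output "'$agent' is already present; no change made."
} else {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $agent)
    Write-Output "Added '$agent' to WIASupportedUserAgents."
}

# Read the setting back and report its final state.
$after = @((Get-AdfsProperties).WIASupportedUserAgents)
if ($after -notcontains $agent) {
    Write-Warning "'$agent' is not in WIASupportedUserAgents after the update."
}

# Flag duplicates left behind by earlier unconditional appends.
$dupes = $after | Group-Object | Where-Object Count -gt 1
foreach ($d in $dupes) {
    Write-Warning "Duplicate entry '$($d.Name)' appears $($d.Count) times."
}

$after

# To revert to the saved list:
# Set-AdfsProperties -WIASupportedUserAgents (Get-Content -Path $backup)
```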
If you require further assistance with bypassing SSO to log in automatically with ADFS authentication, please contact the Symphony Support team at support@symphony.com.