Dash Enterprise Administration
4.3.1
Active Directory Federation Services (AD FS)


Last updated 2 years ago


1 - On the server you intend to use as an IdP:

1.1 - Install the AD FS role service and enable the Web Server (IIS) role at the same time

1.2 - In IIS Manager, add an HTTPS binding to your Default Web Site:

  • Go to Server Certificates and create a self-signed certificate, then export it

  • Right-click Default Web Site > Edit Bindings, then add a new HTTPS binding using the above certificate

1.3 - Configure the federation server

2 - Browse to your Dash Enterprise Server Manager Settings and enable SAML:

2.1 - Select the following options:

  • Use SAML for authentication

  • No IdP metadata is available yet

  • Disable TLS/SSL certificate validation when communicating with the IdP

2.2 - Leave the remaining options at their default values

2.3 - Save the settings and restart when prompted

2.4 - When the app reports ready, return to Settings and copy the SP (local) Metadata URL

  • Ensure that your IdP can browse to this URL before proceeding

3 - Return to your Active Directory server and:

3.1 - Create a claims-aware relying party trust using data imported from the SP (local) Metadata URL from the Dash Enterprise Settings

3.2 - Add a claims issuance policy with a rule sending the following LDAP attributes as claims:

  • SAM-Account-Name attribute mapped to Name ID outgoing claim type

  • E-Mail-Addresses attribute mapped to E-Mail Address outgoing claim type

3.3 - Retrieve the Federation Metadata endpoint

  • You can find this in the AD FS snap-in under Service > Endpoints

  • Append this value to your IdP’s hostname to get your IdP metadata URL

4 - Return to your Server Manager settings and:

4.1 - In the SAML settings section, select Enter a URL to the IdP (remote) metadata

4.2 - In the IdP (remote) Metadata URL field, enter the Federation Metadata URL endpoint you retrieved above

4.3 - Save the settings and restart when prompted
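
Step 3 (relying party trust, claim rule and metadata endpoint) can also be scripted with the AD FS PowerShell module. This is an added example, not part of the Dash Enterprise documentation. The SP metadata URL and trust name are placeholders, and the "Permit everyone" access control policy is an assumption (AD FS 2016 or later).

```powershell
# Added example; run in an elevated PowerShell session on the AD FS server.
# Placeholder: substitute the SP (local) Metadata URL copied in step 2.4.
$SpMetadataUrl = 'https://dash.example.com/SP-METADATA-PATH'  # placeholder
$TrustName     = 'Dash Enterprise'                            # hypothetical name

# Step 3.2: the rule the "Send LDAP Attributes as Claims" template produces for
# SAM-Account-Name -> Name ID and E-Mail-Addresses -> E-Mail Address.
$IssuanceRules = @'
@RuleName = "Dash Enterprise LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";sAMAccountName,mail;{0}",
          param = c.Value);
'@

# Step 3.1: create the claims-aware relying party trust from the SP metadata.
$Trust = @{
    Name                    = $TrustName
    MetadataUrl             = $SpMetadataUrl
    IssuanceTransformRules  = $IssuanceRules
    AccessControlPolicyName = 'Permit everyone'  # assumption; choose your own policy
}
Add-AdfsRelyingPartyTrust @Trust

# Confirm the trust exists and which SP identifier was imported.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, Enabled

# Step 3.3: build the IdP metadata URL from the federation metadata endpoint.
$Endpoint = Get-AdfsEndpoint |
    Where-Object { $_.AddressPath -like '*FederationMetadata.xml' } |
    Select-Object -First 1
$IdpMetadataUrl = 'https://{0}{1}' -f (Get-AdfsProperties).HostName, $Endpoint.AddressPath
"IdP (remote) Metadata URL for step 4.2: $IdpMetadataUrl"

# Step 2.1 disables TLS validation towards the IdP, so record the token-signing
# thumbprint here to compare with the certificate in the metadata that
# Dash Enterprise loads.
Get-AdfsCertificate -CertificateType Token-Signing |
    Select-Object IsPrimary, Thumbprint
```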
