ZingHR supports ADFS integration for single sign-on for on-premise AD. To complete the integration on your ADFS server, we will need the following information
- Metadata URL of your ADFS Server
- One of your domain user's credentials to test from our end
- Whitelist below URLs on your ADFS server as a Relying Party Trust
- For Development environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/Signin
- For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/Signin
Follow the below steps to whitelist URLs as a Relying Party Trust
Note : In below screenshot, kindly replace the name 'dev' with 'clientuat' wherever applicable
- Open ADFS Management Console & click on 'Add Relying Party Trust'
- In the next screen click on 'Start' button
- In the next screen select 'Enter data about relying party manually' option and click Next button
- In the next screen enter any display name you want in 'Display name' textbox and click Next button
- In the next screen select 'ADFS profile' option and click Next button
- In the next screen click Next button, as we are not using any certificate for integration
Please follow the below link : (mentioned link is a case sensitive)
https://portal.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback - In the next screen select 'Enable support for the WS-Federation Passive protocol' option and in the 'Relying party WS-Federation Passive protocol URL' textbox enter
'https://portal.zinghr.com/{CompanyCode}/Account/SigninCallback' url and Click on Next button
1. For UAT environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback
2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback
- In the next screen in the 'Relying party trust identifier' textbox enter 'https://portal.zinghr.com/{CompanyCode}/Account/Signin' url and Click on Add button and then click on Next button
1. For UAT environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/Signin
2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/Signin
- In the next screen select 'I do not want to configure multi-factor authentication' option and click on Next button
- In the next screen select 'Permit all users to access this relying party trust' option and click on Next button
- In the next screen you can validate all the details which you have entered and click on Next button
- In the next screen select 'Open the edit claim rules dialog' option and click on Close button
- Once you click Close button new window will appear for configuring claim rules for the relying party, so in the next screen click on 'Add Rule' button
- In the next screen select 'LADP Attributes as Claims' option from claim rule template and click on Next button
- In the next screen in the 'Claim rule name' textbox enter any name you want, then in attribute store dropdown select 'Active Directory' option.
Now in Mapping of LDAP attribute section
Select User-Principal-Name in LDAP Attribute column
Select UPN in the outgoing claim type column
and click on Finish button - Now you have successfully configured ZingHR as relying party trust in your ADFS server , you should able to see ZingHR in Relying Party Trust lists of your ADFS server
17. Once done with above configuration at your end then raise a JIRA request under SSO Integration category with following details.- Metadata URL of your ADFS Server
- One of your domain user's credentials
- List of UPN (User Principal Name) with respective Employee Codes e.g. test@adfs.com
