System administrators and professional IT team members in Iconic Tier organizations can use this feature.
You can connect your organization's Active Directory Federation Services (ADFS) instance to LabLog for a seamless single sign-on experience for your users.
Step 1: Set up ADFS for LabLog
- Sign in to the MS Windows server where ADFS is installed. This guide can help you install ADFS.
- Open the ADFS management console and select Trust Relationships, then Relying Party Trusts in the left console tree.
- Click Add Relying Party Trust from the Actions menu on the right.
- In the Select Data Source step, toggle the option Enter data about the relying party manually.
- Next, specify the display name for your application in the Specify Display Name tab. We suggest calling it something like Company name - LabLog. Notes are optional.
- In the Choose Profile tab, select ADFS Profile.
- On the Configure Certificate tab, leave the certificate settings at their defaults.
- In the Configure URL tab, select the box Enable Support for the SAML 2.0 WebSSO protocol and enter the SAML Authorization Callback URL from the LabLog super admin dashboard.
- In the Configure Identifiers tab, type https://labnotebook.app/sso and click Add.
- You do not need to add multi-factor authentication, as this can be handled by LabLog.
- Select Permit all users to access this relying party, then click Next and review your settings.
- Ensure you’ve toggled Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and select Close.
- Next, you'll create rules, or assertion claims, for your relying party trust. Keep in mind, you will need two claims: one for LabLog Attributes and one for NameID.
- Click Add Rule.
- Create a rule to send LDAP attributes as claims.
- Next, create another rule to transform an incoming claim.
- Open the required NameID claim rule, and change the incoming claim type to UPN and the outgoing name ID format to Email. Then click OK to save.
Step 2: Integrate LabLog with your IdP
Now you can add the ADFS details to your LabLog super admin dashboard SSO form.
- Log into your LabLog super admin dashboard and browse to the Single Sign-On page.
- Type the ADFS SAML 2.0 Endpoint URL (SAML 2.0/WS-Federation URL endpoint) in the SAML SSO Login URL field. The default ADFS endpoint is /adfs/ls/.
- Enter your Identity Provider Issuer in the Entity ID field.
- If you're unsure of these endpoints, run Get-AdfsEndpoint in PowerShell on the device where ADFS is installed.
- From ADFS's Encryption tab, copy your entire token-signing X.509 certificate and paste it in the Public Certificate field.
- You can also get the ADFS values from the federation metadata XML file that is installed by default at the ADFS endpoint /federationmetadata/2007-06/federationmetadata.xml.
- After you have filled out the SSO form in your LabLog super admin dashboard, click Save and then click Verify to view the claims that LabLog receives.
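
The federation metadata file mentioned above can also be read with a script, which avoids copying the encryption certificate by mistake. The following Python sketch is an added example, not part of LabLog or ADFS; the sample metadata, the adfs.example.com host and the certificate bytes are constructed placeholders, and taking the login URL from the HTTP-Redirect binding is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample; adfs.example.com and the certificate bytes are placeholders.
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sso_form_values(metadata_xml):
    """Return the Entity ID, SAML SSO Login URL and token-signing certificates."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # Assumption: the login URL is taken from the HTTP-Redirect binding.
    login_url = next(
        (s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
         if s.get("Binding") == REDIRECT), None)
    certs = []
    # Only use="signing" keys verify assertions; two can be listed during rollover.
    for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS):
        b64 = "".join(kd.find(".//ds:X509Certificate", NS).text.split())
        # SHA-1 of the DER bytes is the value Windows displays as the Thumbprint.
        thumb = hashlib.sha1(base64.b64decode(b64)).hexdigest().upper()
        certs.append({"base64": b64, "thumbprint": thumb})
    if not login_url or not certs:
        raise ValueError("missing SSO endpoint or token-signing certificate")
    return {"entity_id": root.get("entityID"), "login_url": login_url, "certs": certs}


if __name__ == "__main__":
    print(sso_form_values(SAMPLE))
```

The thumbprint can be compared with the one that Get-AdfsCertificate -CertificateType Token-Signing reports on the ADFS server before the Base64 value is pasted into the Public Certificate field.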