On-Premise ADFS Integration

ZingHR supports ADFS integration for single sign-on for on-premise AD. To complete the integration on your ADFS server, we will need the following information

1. Metadata URL of your ADFS Server
2. One of your domain user's credentials to test from our end
3. Whitelist below URLs on your ADFS server as a Relying Party Trust
   1. For Development environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/Signin
   2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/Signin

Follow the below steps to whitelist URLs as a Relying Party Trust

Note : In below screenshot, kindly replace the name 'dev' with 'clientuat' wherever applicable

1. Open ADFS Management Console & click on 'Add Relying Party Trust'
   
   
   
2. In the next screen click on 'Start' button
   
   
   
   
3. In the next screen select 'Enter data about relying party manually' option and click Next button
   
   
   
4. In the next screen enter any display name you want in 'Display name' textbox  and click Next button
   
   
   
   
5. In the next screen select 'ADFS profile' option and click Next button
   
   
   
   
6. In the next screen click Next button, as we are not using any certificate for integration
   
   Please follow the below link : (mentioned link is a case sensitive)
   https://portal.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback
   
   
   
   
7.  In the next screen select 'Enable support for the WS-Federation Passive protocol' option and in the 'Relying party WS-Federation Passive protocol URL' textbox enter

   
   

   'https://portal.zinghr.com/{CompanyCode}/Account/SigninCallback' url  and Click on Next button

   
   

   1. For UAT environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback

   2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback
   
   
   
   

8. In the next screen in the 'Relying party trust identifier' textbox enter 'https://portal.zinghr.com/{CompanyCode}/Account/Signin' url  and Click on Add button and then click on Next button

   
   

   1. For UAT environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/Signin

   2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/Signin
   
   
   

9. In the next screen select 'I do not want to configure multi-factor authentication' option and click on Next button
   
   
   
   
10. In the next screen select 'Permit all users to access this relying party trust' option and click on Next button
    
    
    
    
11. In the next screen you can validate all the details which you have entered  and click on Next button
    
    
    
    
12. In the next screen select 'Open the edit claim rules dialog'  option and click on Close button
    
    
    
    
13. Once you click Close button new window will appear for configuring claim rules for the relying party, so in the next screen click on  'Add Rule' button
    
    
    
    
14. In the next screen select 'LADP Attributes as Claims'  option from claim rule template and click on Next button
    
    
    
    
15. In the next screen in the 'Claim rule name' textbox enter any name you want, then in attribute store dropdown select 'Active Directory' option.
    Now in Mapping of LDAP attribute section
    Select User-Principal-Name in LDAP Attribute column
    Select UPN in the outgoing claim type column
    and click on Finish button
    
    
    
    
16. Now you have successfully configured ZingHR as relying party trust in your ADFS server , you should able to see ZingHR in Relying Party Trust lists of your ADFS server
    
    
    
    17. Once done with above configuration at your end then raise a JIRA request under SSO Integration category with following details.
    1. Metadata URL of your ADFS Server
    2. One of your domain user's credentials
    3. List of UPN (User Principal Name) with respective Employee Codes e.g. test@adfs.com