Highfive Admin users on the SMB, Enterprise, or older Standard and Professional plans can enable SSO, or single sign-on. This feature allows your users to log in to Highfive with an identity management solution you've already set up. This article will help you configure SSO specifically for Active Directory Federation Services, or ADFS.
What you'll need:
- Google Chrome web browser
- Have Highfive Admin user permissions
- Have the Highfive Domain Dashboard open
- Active Directory Federation Services (ADFS)
ADFS Configuration
- Log into the server that ADFS is hosted on
- Launch ADFS through server manager
- Click on Action > Add Relying Party Trust
- When selecting a data source, select Enter data about the relying party manually
- Specify the display name for the relying party. Here, we used Highfive ADFS as ours to make it easy to identify.
- When choosing a profile > choose AD FS profile
- Skip Configuring Certificate by clicking Next.
- Under Configure URL, select Enable Support for the SAML 2.0 WebSSO Protocol
- Configure Identifiers next. Use the example provided in the window to create your URL.
- Configure claim rules to make sure LDAP attributes are mapped to Highfive attributes
- Click OK
Highfive Configuration in the Domain Dashboard
- Make sure you are signed in to Highfive then go to the Domain Dashboard.
- Your Dashboard link will use this format: https://yourdomain.highfive.com/domain/dashboard
- Click on the Authentication option
- Select Start Configuration
SAML Provider URL
- Below is the link format you will need to use. The orange-colored text in the link needs to be replaced with whatever your own ADFS and Highfive instances are.
- Format: https://YourAdfsServerdomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRP=https://YourHighfivedomain.highfive.com
- Here's an example of a SAML provider link that has been edited:
SAML Provider Issuer
- To get this, go to ADFS, right-click on Service and edit Federation Properties.
- Copy the Federation Services Identifier
- Paste this link into the SAML Provider Issuer field
SAML Provider X.509 Certificate
- For this last field, you will need to export the certificate and paste it into the Highfive Domain Dashboard.
- Open AD FS Management Server
- Go to: AD FS > Service > Certificates
- Select your certificate under Token-signing, double-click it, and open the Details tab
- Click Copy to File…
- Export to Base-64 encoded X.509 (.CER)
- Give the file a name and click Finish
- Open certificate via Notepad (Windows)
- The entire certificate should begin with BEGIN CERTIFICATE and end with END CERTIFICATE
- Copy the whole certificate and paste it into the Highfive Domain Dashboard in the SAML Provider X.509 Certificate field
- Click on Test Configuration to check the configuration. If the test is successful, the Apply Configuration option will appear so you can save it.
- You're almost done! The next step is to actually test the configuration.
- Open an Incognito (private browsing) Chrome window and sign in to Highfive with this link. This step is highly recommended so that you are able to revert your changes within the original Chrome window if something unexpected occurs. You can open a new Incognito window by going to your Chrome settings > New Incognito window.
- If something unexpected does occur and you are not logged into Highfive properly, you can navigate back to your original Google Chrome window and click on Disable SAML, which will revert the changes.
- The correct configuration will bring you to the Highfive home page where you can start and join meetings or share your screen.
Success! After this you are done with the configuration. Your users will now log into Highfive via ADFS.
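The three Domain Dashboard values described above can also be read directly from the AD FS server with PowerShell, which avoids copy errors and confirms the exported file really is the primary token-signing certificate. This is an added example, not part of the original article or Highfive's own tooling; the Highfive URL and output path are placeholders, and it assumes the ADFS PowerShell module on the AD FS server and that the federation service host name is the one your users reach.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Placeholders (assumptions): replace with your own values.
$HighfiveUrl = 'https://YourHighfivedomain.highfive.com'
$OutFile     = Join-Path $env:TEMP 'adfs-token-signing.cer'

$props = Get-AdfsProperties

# SAML Provider URL, built in the format shown in this article.
$providerUrl = 'https://{0}/adfs/ls/idpinitiatedsignon.aspx?loginToRP={1}' -f $props.HostName, $HighfiveUrl

# SAML Provider Issuer: the Federation Service identifier.
$issuer = [string]$props.Identifier

# Token-signing certificates: the primary one signs SAML responses.
$signing = @(Get-AdfsCertificate -CertificateType Token-Signing)
$primary = $signing | Where-Object { $_.IsPrimary } | Select-Object -First 1
if (-not $primary) { throw 'No primary token-signing certificate found.' }
$cert = $primary.Certificate

# Write the certificate as Base-64 encoded X.509 with BEGIN/END lines.
$b64 = [Convert]::ToBase64String($cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path $OutFile -Value $pem -Encoding Ascii

# Re-read the file and confirm it is the same certificate before pasting it.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $OutFile
if ($check.Thumbprint -ne $cert.Thumbprint) { throw 'Exported file does not match the AD FS certificate.' }

# Flag conditions that will break SSO later if the dashboard is not updated.
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 30) { Write-Warning "Token-signing certificate expires in $daysLeft days." }
if ($signing.Count -gt 1) { Write-Warning 'A secondary token-signing certificate exists; a rollover may be pending.' }

# Summary of the values to enter in the Highfive Domain Dashboard.
[pscustomobject]@{
    SamlProviderUrl    = $providerUrl
    SamlProviderIssuer = $issuer
    CertificateFile    = $OutFile
    Thumbprint         = $cert.Thumbprint
    NotAfter           = $cert.NotAfter
    AutoRollover       = $props.AutoCertificateRollover
}
```

Paste the contents of CertificateFile into the SAML Provider X.509 Certificate field. If AutoRollover is True, AD FS will replace the token-signing certificate on its own schedule, and the dashboard needs the new certificate when that happens.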
For assistance with setting up Active Directory SSO, please contact Highfive Support at firstname.lastname@example.org.