SSO setup - ADFS (SAML 2.0)

Follow

Splashtop now supports logging in my.splashtop.com and Splashtop Business app using the credential created from your SAML 2.0 identity providers. Please follow the below instructions to create a Relying Party Trust with AD FS.

Create a Relying Party Trust with AD FS

Follow Microsoft document to create a Relying Party Trust, please check only To create a claims aware Relying Party Trust manually section:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust

Follow steps 1 to 6 in the document. (Select AD FS 2.0 Profile)

At step 7, Configure URL page, select the Enable support for the SAML 2.0 WebSSO protocol checkbox. Under Relying party SAML 2.0 SSO service URL, type "https://my.splashtop.com/sso/saml2/adfs/acs", then next.
Snag_221e174e.png

At step 8, Configure Identifiers page, add https://my.splashtop.com and https://my.splashtop.com/saml/metadata.
Snag_131d4984.png

Add a claim

1. Select the Relying Party Trust you just created, click Edit Claim Insurance Policy.

2. Click Add rule, select Send LDAP Attributes as Claims, then next.
Snag_10ea6f20.png

3. Select Active Directory as Attribute store, then add E-Mail-Address and User-Principal-Name.
E-Mail-Address: E-mail Address
User-Principal-Name: Name ID 
Snag_10f02335.png

Add another claim

1. Add another rule with Claim rule template Transform an Incoming Claim.
Snag_10f387cc.png

2. Set up Name ID.
Incoming claim type: E-mail Address
Outgoing claim type: Name ID
Outgoing name ID format: Email 
Snag_10fae02b.png

 

 

Apply for an SSO method from my.splashtop.com

Now you can follow the instruction to insert required info to apply for an SSO method:
https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/360038280751

Note: 

a. You should have your own login URL and Issuer to insert on my.splashtop.com.
b. Follow below instructions to get your X.509 info to insert on my.splashtop.com.

Click Service -> Certificates -> View Certificate on the Action menu on the right side. (You should already installed IIS with your certificate.)
Click Details on the Certificate window, and then click Copy to File”4, and choose Base-64 encoded X.509.

Snag_110f7b12.png

Right-click on the exported certificate, then copy the info to paste in the corresponding field on my.splashtop.com.
Snag_130eeaaf.png

Snag_130f3370.png

 

0 out of 0 found this helpful