Connect Resco Cloud to custom ADFS

From Resco's Wiki

These steps will guide you through the process of connecting Resco Cloud to a custom Active Directory Federation Services (ADFS).

Configure ADFS

  1. Start Server Manager > Tools > AD FS Management.
  2. On the Actions pane, click Add Application Group... to start the Add Application Group Wizard.
    • In the Welcome step, enter a Name (for example "Resco Cloud"), select the Server application accessing a web API template, then click Next.
    • In the Server application step, enter https://<your_server_name>/Authenticate.aspx/ADFS as the Redirect URI for your Resco Cloud organization instance and click Next.
    • In the Configure Application Credentials step, check Generate a shared secret, then copy and save the secret. ADFS shows the secret only at this point; you need it later as the Client Secret when connecting Resco Cloud. Click Next.
    • In the Configure Web API step, enter https://resco.net/rescocloud as the Identifier for web API and click Next.
    • In the Apply Access Control Policy step, select a policy. As default, use Permit everyone. Note that this policy only governs who may authenticate against ADFS for this application group; a user still has to be assigned to a Resco Cloud user in the Admin Console (see below) before they can sign in to Resco Cloud. Click Next.
    • In the Configure Application Permissions step, keep openid as a permitted scope, then click Next.
    • To finish the wizard, click Next and Close.
  3. Select the Resco Cloud application group and click Properties on the Actions pane.
  4. Click Add Application to start the Add a new application to Resco Cloud wizard.
    • In the Welcome step, select Native application template and click Next.
    • In the Native application step, enter 3cf04e1c-f7ff-4d09-8581-503d794ef5ba as the Client Identifier for the Resco Mobile CRM application, add https://www.resco.net/oauth.html as the Redirect URI, then click Next.
    • To finish the wizard, click Next and Close.
  5. Select Resco Cloud – Web API, click Edit, and go to the Client Permissions tab.
  6. Click Add..., select Resco Cloud - Native application and check openid as a permitted scope.
  7. Select Issuance Transform Rules and click Add Rule...
  8. Select Send LDAP Attributes as Claims, then click Next.
  9. Enter UPN rule settings to match the screen shot below, then click Finish.
    [Screenshot: Transform claim rule.png]
  10. Click Add Rule... again, select Send LDAP Attributes as Claims, then click Next.
  11. Enter SID rule settings to match the screen shot below, then click Finish.
    [Screenshot: Transform claim rule 2 sid.png]
  12. Click Apply, then close Resco Cloud Properties.
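The same configuration can be scripted with the AD FS PowerShell module that ships with Windows Server 2016 and later. The following block is an added example, not part of the Resco wiki page; the application group identifier "RescoCloud", the application names, the placeholder server name, and the attribute-to-claim mapping of the two transform rules (userPrincipalName to UPN, objectSid to Primary SID, assumed to match the screenshots above) are assumptions that you should adjust to your environment.

```powershell
# Added example (not from the Resco wiki): scripts the "Configure ADFS" steps above
# with the AD FS PowerShell module (Windows Server 2016+). Run in an elevated
# PowerShell session on the ADFS server as an ADFS administrator.
# Assumptions: the server name placeholder, the application group identifier
# "RescoCloud", the application names, and the LDAP attribute -> claim mapping
# of the transform rules (the screenshots are not reproduced here).
Import-Module ADFS

$OrgHost  = "<your_server_name>"                      # your Resco Cloud organization host (assumed)
$GroupId  = "RescoCloud"                               # application group identifier (assumed)
$WebApiId = "https://resco.net/rescocloud"             # Identifier for web API from step 2
$NativeId = "3cf04e1c-f7ff-4d09-8581-503d794ef5ba"     # Resco Mobile CRM client identifier from step 4

# Issuance transform rules in claim rule language, equivalent to two
# "Send LDAP Attributes as Claims" rules. Assumed mapping:
#   UPN         <- userPrincipalName
#   Primary SID <- objectSid
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "LdapClaims"
@RuleName = "SID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"), query = ";objectSid;{0}", param = c.Value);
'@

# Step 2: application group, server application (shared secret generated by ADFS)
# and the web API it accesses.
New-AdfsApplicationGroup -Name "Resco Cloud" -ApplicationGroupIdentifier $GroupId

$ServerApp = Add-AdfsServerApplication -Name "Resco Cloud - Server application" `
    -ApplicationGroupIdentifier $GroupId `
    -Identifier ([guid]::NewGuid().ToString()) `
    -RedirectUri "https://$OrgHost/Authenticate.aspx/ADFS" `
    -GenerateClientSecret

Add-AdfsWebApiApplication -Name "Resco Cloud - Web API" `
    -ApplicationGroupIdentifier $GroupId `
    -Identifier $WebApiId `
    -AccessControlPolicyName "Permit everyone" `
    -IssuanceTransformRules $Rules

# openid is the only scope the server application needs (step 2, Configure Application Permissions).
Grant-AdfsApplicationPermission -ClientRoleIdentifier $ServerApp.Identifier `
    -ServerRoleIdentifier $WebApiId -ScopeNames "openid"

# Steps 4-6: native client for the Resco Mobile CRM app, permitted for openid on the web API.
Add-AdfsNativeClientApplication -Name "Resco Cloud - Native application" `
    -ApplicationGroupIdentifier $GroupId `
    -Identifier $NativeId `
    -RedirectUri "https://www.resco.net/oauth.html"

Grant-AdfsApplicationPermission -ClientRoleIdentifier $NativeId `
    -ServerRoleIdentifier $WebApiId -ScopeNames "openid"

# Values you enter in the Resco Cloud Admin Console as Client ID / Client Secret.
# The secret is available only here; copy it to a secrets vault, not into a script.
"Client ID:     $($ServerApp.Identifier)"
"Client Secret: $($ServerApp.ClientSecret)"

# Check: both transform rules and both client permissions must be present.
(Get-AdfsWebApiApplication -Name "Resco Cloud - Web API").IssuanceTransformRules
Get-AdfsApplicationPermission -ServerRoleIdentifiers $WebApiId
```

If the claim types in your screenshots differ from the assumed UPN and Primary SID mapping, change only the `types` and `query` values in `$Rules`; the rest of the script does not depend on them.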

Connect your Resco Cloud to ADFS

  1. Sign in to the Resco Cloud management console using a System Administrator user account.
  2. Start the Admin Console.
  3. Select Settings > Organization from the menu to edit the properties of your organization.
  4. In the ADFS line, click Connect....
  5. As ADFS Metadata URL, enter the URL to your ADFS server (e.g. https://adfs.server.com/adfs).
  6. The read-only Redirect URI is provided for your reference (you need it for ADFS configuration).
  7. Enter the Client ID and Client Secret from ADFS configuration.
  8. Click Connect Now.
  9. You are redirected to the ADFS login page. Sign in and you return to the Admin Console with the ADFS state set to Connected.

Assign ADFS users

You have to assign ADFS users to new or existing users of Resco Cloud.

  1. In the Admin Console, go to Resources > Users.
  2. Select an existing user or create a new one.
  3. As the Domain Name, select the ADFS login name (by default, this is the email address) of the user who you want to associate with the selected Resco Cloud user.
  4. Click Save & Close.

A red text saying Inactive is displayed next to the Domain Name until the user logs in for the first time. At that point, the text changes into a green Active.

Connect the Resco mobile app to a Resco Cloud organization that uses AD FS

  1. Tap Synchronize.
  2. As User Mode select OAuth.
  3. Enter the URL of your organization, usually https://{organizationname}.rescocrm.com.
  4. Enter a new password that protects your offline data (twice). This password cannot be recovered, so remember it well.
  5. Tap Synchronize.
  6. Enter your AD FS credentials.