Prerequisites
- AD FS 3.0 or later
We require AD FS 3.0 or later. AD FS will need to be configured properly and publicly accessible from the Internet for XVWeb to use it for authentication. See Microsoft's AD FS Overview documentation for more details.
- Microsoft Server Manager
https://docs.microsoft.com/en-us/windows-server/administration/server-manager/server-manager
Procedures
- In Server Manager, add a new relying party trust and choose to enter data manually. See Microsoft documentation for more details.
- The display name can be anything. We recommend using “XVWeb” so that it will be easier to remember.
- Leave the certificate configuration blank. This will use the default AD FS certificates.
- Enable support for the WS-Federation Passive protocol.
- The URL will be:
https://identity.xvweb.net/{Site_Name}.{Site_Hostname}/
- For example, https://identity.xvweb.net/mydentalpractice.xvweb.net/
- The WS-Federation Passive URL should already be listed in the relying party identifiers. If it is not, add it.
- You will also need to add an additional identifier:
- urn:{Site_Name}.{Site_Hostname}
- For example, urn:mydentalpractice.xvweb.net
- Continue selecting Next until you have reached claims setup.
- Add a new rule. Select Send LDAP Attributes as Claims. Set up the rule as follows:
- Set up claims. These use the “Send Group Membership as a Claim” rule template. Valid roles (case sensitive) are:
- XvWebAdmins
- XVWebEdit
- XVWebQuery
- XVWebExport
- XVWebCapture
- XVWebPrint
- XVWebShare (reserved for future development)
See XVWeb User Roles and Privileges for details.
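After finishing the wizard, the trust can be checked from PowerShell on the AD FS server. The script below is an added example, not part of the vendor's procedure: it is read-only and assumes the display name "XVWeb" and the article's sample site value, which you replace with your own.

```powershell
# Added example: read-only check of the relying party trust against this article's values.
# Assumptions: display name 'XVWeb'; $site holds the article's sample value.
Import-Module ADFS

$site       = 'mydentalpractice.xvweb.net'        # {Site_Name}.{Site_Hostname}
$wsFedUrl   = "https://identity.xvweb.net/$site/"
$urn        = "urn:$site"
$validRoles = 'XvWebAdmins','XVWebEdit','XVWebQuery','XVWebExport',
              'XVWebCapture','XVWebPrint','XVWebShare'   # spelled as listed above

$rp = Get-AdfsRelyingPartyTrust -Name 'XVWeb'
if (-not $rp) { throw "Relying party trust 'XVWeb' not found." }

$findings = @()
if (-not $rp.Enabled) { $findings += 'Trust is disabled.' }
if ("$($rp.WSFedEndpoint)" -cne $wsFedUrl) {
    $findings += "WS-Federation Passive URL is '$($rp.WSFedEndpoint)', expected '$wsFedUrl'."
}
foreach ($id in $wsFedUrl, $urn) {
    if ($rp.Identifier -cnotcontains $id) { $findings += "Missing identifier: $id" }
}

# Role names are case sensitive: flag quoted values in the claim rules that
# match a valid role only when case is ignored.
$quoted = [regex]::Matches("$($rp.IssuanceTransformRules)", '"([^"]+)"') |
          ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique -CaseSensitive
foreach ($v in $quoted) {
    if (($validRoles -contains $v) -and ($validRoles -cnotcontains $v)) {
        $findings += "Role '$v' differs in case from the valid name."
    }
}
if (-not ($validRoles | Where-Object { $quoted -ccontains $_ })) {
    $findings += 'No valid XVWeb role name appears in the claim rules.'
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Relying party trust 'XVWeb' matches the article's settings." }
```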
If you don't already have an open ticket regarding your switch to AD FS SSO, you can submit a new ticket here. Be sure to include the publicly available URL in your communication.
Article Version 1.0 12/13/2024