Create a Web Logon Procedure 

  1. Login to the DualShield Management Console
  2. In the main menu, select “Authentication | Logon Procedure”
  3. Click the “Create” button on the toolbar
  4. Enter “Name” and select “Web SSO” as the type



  5. Click “Save”
  6. Click the Context Menu icon of the newly created logon procedure, select “Logon Steps”
  7. In the popup windows, click the “Create” button on the toolbar
  8. Select the authentication method, i.e. “Static Password”
  9. Click "Save"
  10. Repeat from 7,8 & 9 to create the second logon step, i.e. "One-Time Password"



Create a Web application 

  1. In the main menu, select “Authentication | Application”
  2. Click the “Create” button on the toolbar
  3. Enter “Name”
  4. Select “Realm”
  5. Select the newly created logon procedure



  6. Click "Save"
  7. Click the context menu of the newly created application, select "Agent"



  8. Select the SSO Server
  9. Click "Save"
  10. Click the context menu of the newly created application, select "Self Test"

Create a Service Provider

  1. In the main menu, select "SSO | Service Providers", click "Create"
  2. Select the "SSO Server", and enter "Name"
  3. Select "Type" as "WS-Federation" 



  4. Click on the "Edit" button to add Attributes

You now need to add attributes that match the 'RoleClaims' and 'identity claims' as specified in the Powershell scripts that will be set up and run in the 'SharePoint Configuration' section.

5. Click 'Create'

6. Create an attribute for the 'RoleClaims'. This will have a fixed value which will contain the name of the role you have setup in the Link Groups script

 

(Remember to replace NameOfRole with the actual name specified in the RoleClaims)

7.  You now create the 'identity claims attributes' which will be mapped to AD attributes.  There are usually three attributes containing emailaddressgivenname and surname. (see enable SSO script)

You can map a value as follows:

In the "Maps To" section click on the corresponding search button

Here you will select the Identity Source corresponding with your domain and choose the Email identity attribute from the drop down list.

Remember to make sure Return Response is enabled on all your attributes.

Click Save

8. Repeat the process for givenname and surname attribute mappings until you get a list as below:

9. Click "Save"

10. Click "Save" at the bottom of the New Service Provider window.