Note: This article is intended for Playvox QMS customers only. Please refer to this article if you would like to configure SSO with AD FS for your Playvox WFM product.

“SAML stands for Security Assertion Markup Language. It is an XML-based open-standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).” - auth0

SAML 2.0 single sign-on (SSO) and Microsoft Active Directory Federation Services (ADFS) 3.0 can be used together for your QMS Playvox sites to give you a better user experience and heightened security.

Note: If you're using the Playvox Europe hosted site, make sure to change all the .com in URLs to .eu

1. On your AD FS server, open AD FS Management.

Log into your AD FS server and launch the ADFS Management Console via the shortcut in Control Panel\Administrative Tools.

2. Right-click on Relying Party Trusts and select Add Relying Party Trust. This will launch the Add Relying Party Trust Wizard.

3. In the Select Data Source step, choose Enter data about the relying party manually.

4. Enter a Display name and click Next.

5. Choose AD FS profile with SAML 2.0 and click Next.

6. Click Next on the Configure Certificate screen without choosing any certificates.

7. Select Enable support for the SAML 2.0 SSO Web SSO protocol.

8. Enter the login URL https://my.playvox.com/saml/consumer and click Next.

Remember: If you're using the Playvox Europe hosted site, make sure to change all the .com in URLs to .eu

Example: https://my.playvox.eu/saml/consumer

Note: Please make sure that you always use an https URL.

9. Under Relying party trust identifier:

https://my.playvox.com/saml/audience

Click Add. Then click Next.

Again, if you're using the Playvox Europe hosted site, make sure to change all the .com in URLs to .eu

https://my.playvox.eu/saml/audience

10. Click Next on the following slides until you reach the Finish screen.

11. Check the box to Open the Edit Claim Rules dialog before clicking Finish to continue the configuration. This will launch the Edit Claim Rules window.

12. Click on Add Rule and Choose Claim Rule as Send LDAP Attributes as Claims.

13. You can add the Outgoing claim Type as shown in the image below.

14. Click Finish.

15. Click Add Rule again. Then choose Transform an Incoming Claim and click Next.

16. Set up Email ID to be sent as NameID as shown below and click Finish.

Make sure that the order is maintained (LDAP Attributes followed by the NameID) and click Apply.

17. On the AD FS Management window, right-click on the Relying Party for Playvox and choose Properties. Under the Advanced tab, choose SHA-256 as the Secure hash algorithm.

18. On the AD FS Management window, choose Services -> Certificates and double-click on Token Signing Certificate, which will give you the option "Copy to File". By doing this, you will be able to export the X509 certificate from the raw file.

19. Copy the X509 Certificate from the file.
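The same relying party trust can be created and checked from PowerShell on the AD FS server. This is an added example, not a script provided by Playvox. It assumes the display name `Playvox`, that the LDAP attribute behind the "Email ID" is `mail`, that the NameID format is the SAML e-mail address format, and an output file name chosen here; on Windows Server 2016 and later, `-AccessControlPolicyName 'Permit everyone'` replaces the authorization rule.

```powershell
# Added example: steps 2-19 above as a script. Run elevated on the AD FS server.
$name     = 'Playvox'                                 # assumed display name (step 4)
$acsUrl   = 'https://my.playvox.com/saml/consumer'    # step 8 (.eu for the Europe site)
$audience = 'https://my.playvox.com/saml/audience'    # step 9 (.eu for the Europe site)
$sha256   = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'   # step 17

# Steps 12-16, in order. Assumed: LDAP attribute "mail", NameID format emailAddress.
$claimRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP mail to E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@
# Step 10: the wizard's default "Permit all users" authorization rule (AD FS 3.0).
$authzRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl
Add-AdfsRelyingPartyTrust -Name $name -Identifier $audience -SamlEndpoint $endpoint `
    -SignatureAlgorithm $sha256 -IssuanceTransformRules $claimRules `
    -IssuanceAuthorizationRules $authzRules

# Read the trust back and stop if it differs from the documented values.
$rp = Get-AdfsRelyingPartyTrust -Name $name
$problems = @()
if ($rp.Identifier -notcontains $audience) { $problems += "identifier is not $audience" }
if ($rp.SignatureAlgorithm -ne $sha256)    { $problems += 'signature algorithm is not SHA-256' }
foreach ($ep in $rp.SamlEndpoints) {
    if (([uri]$ep.Location).Scheme -ne 'https') { $problems += "non-HTTPS endpoint: $($ep.Location)" }
}
if ($problems) { throw ($problems -join '; ') }

# Steps 18-19: export the primary token-signing certificate (public part only).
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$der = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = '-----BEGIN CERTIFICATE-----', [Convert]::ToBase64String($der, 'InsertLineBreaks'), '-----END CERTIFICATE-----'
Set-Content -Path '.\adfs-token-signing.cer' -Value $pem   # file name chosen for this example
$signing.Certificate | Select-Object Thumbprint, NotAfter   # record these; SSO breaks when the cert rolls over
```

The exported file contains only the public certificate. The thumbprint and expiry printed on the last line are what to compare against the certificate stored in Playvox when AD FS renews its token-signing certificate.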

Playvox Settings

  1. Log in to your Playvox account.

  2. Go to Settings > Community.

  3. Click on the Security tab.

  4. Under the authentication section, you'll find multiple options for authentication using external providers. Select the option "Allow SAML sign on for everyone".

Note: If this option is not visible in your site, please reach out to our team at support@playvox.com.

5. Once the option is activated, Playvox will request some additional information to complete the configuration.

Remote Login URL

http://YOUR_ADFS_SERVERNAME/adfs/ls/

Remote Logout URL

http://YOUR_ADFS_SERVERNAME/adfs/ls/?wa=wsignout1.0

Issuer URL

http://YOUR_ADFS_SERVERNAME/adfs/services/trust

X.509 Certificate

Insert your generated X.509 Certificate.

Hooray! You are now set to log in with ADFS SAML SSO in Playvox.

If you have any questions or need help with configuring the ADFS SAML SSO, please contact support@playvox.com
