This article applies to AssetCloud and InventoryCloud (Wasp's Cloud system) when using Active Directory Federation Services (ADFS) authentication.
One-time (or infrequent) setup steps:
1. Follow the steps in the Help files to configure the Cloud tenant to use ADFS authentication.
2. In the Active Directory user interface, create (or identify) a group that will contain users of the Cloud tenant. Any user who needs access to the Cloud system should be added to the appropriate AD group.
3. In the Cloud system, an Application Admin user creates a Role with the same name as the AD group.
Steps to be done when inviting each user, and expected results:
1. An Application Admin user logs into the Cloud tenant.
2. In the Users section, go through the New User process and Send Invitation.
3. The new user should receive an email with an invitation link.
4. While logged into Windows with their Active Directory credentials, the user should open the registration link from the email.*
5. The link instructs the Cloud system to request authentication from the ADFS server for the logged-in Windows user. (The Cloud system never stores the user's password; it just receives a pass/fail response from ADFS.)
6. If the ADFS authentication fails, the user will not get to the registration page. Troubleshoot the ADFS configuration problem (outside the scope of Wasp's Technical Support).
   If ADFS authenticates the user successfully, the Cloud system shows a registration page where the user completes and accepts the invitation. This page has a Mobile Password field that is only needed if the user will be using a mobile app (Android, iOS, or Windows Mobile device), which cannot use a Windows ADFS password.
7. After the invitation has been accepted properly, the user should be able to browse to the tenant URL on the Windows PC and be logged in automatically (without being prompted for a username and password).*
* If the user is not currently using a PC that is joined to the domain, the ADFS server will generally authenticate the user using their domain username and password or any other authentication methods configured on the ADFS server.