Single Sign-On with Active Directory Federation Services (ADFS)
Helpjuice supports SSO authentication with ADFS.
To make it work, you'll need to configure Helpjuice as a trusted party on your ADFS server. In some cases you can use the XML metadata below to do this, but you can also do it with the ADFS step-by-step wizard.
<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_271f377f-78d8-4133-8c46-a73c4936bb1f" entityID="https://helpjuice.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <RoleDescriptor xsi:type="fed:ApplicationServiceType" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <fed:TargetScopes>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://helpjuice.com/</wsa:Address>
      </wsa:EndpointReference>
    </fed:TargetScopes>
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:Address>https://helpjuice.com/</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
The following images show an example configuration on the ADFS side to authenticate Helpjuice users. Keep in mind that your actual requirements and configuration may differ depending on your environment.
In this tab, you set the Relying party identifiers:
In the Endpoints tab, you add the following URL as the Assertion Consumer Endpoint. If you use a CNAME, you may also need to add that. Example: support.mycompany.com/sso/my_subdomain.
This is the Helpjuice Rule to get the attributes from your Active Directory. The rule may differ in your environment, but Helpjuice needs an email address to be sent in the nameid field. If that is not possible in your environment, you can send the email in another field and set that field in Helpjuice Settings > SAML > SSO Email Field.
You also need to go to Helpjuice Settings > SSO and fill in the details about your ADFS server. For ADFS, you'll need to provide an Identity Provider URL, the SHA1 Fingerprint, and the Issuer (which is just your Helpjuice URL), and set Authn Context to blank.
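Added example (not Helpjuice's or Microsoft's code): one way to derive the SHA1 Fingerprint requested above from the signing certificate(s) in a saved copy of your ADFS federation metadata, so the value entered in Helpjuice can be checked against what the server actually publishes. The sample metadata, its host name and the placeholder certificate bytes are constructed, and the colon-separated output format is an assumption, since this page does not state which format Helpjuice expects.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata. The X509Certificate values are placeholder
# bytes ("abc" and "xyz" in base64), not real certificates.
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>eHl6</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>
          YWJj
        </X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def signing_fingerprints(metadata: bytes, algorithm: str = "sha1") -> list[str]:
    """Return colon-separated fingerprints of every IdP signing certificate."""
    if b"<!DOCTYPE" in metadata:  # SAML metadata needs no DTD; refuse entity tricks
        raise ValueError("DTDs are not expected in SAML metadata")
    root = ET.fromstring(metadata)
    prints = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # The fingerprint is the hash of the DER bytes, so strip whitespace first.
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            digest = hashlib.new(algorithm, der).hexdigest().upper()
            prints.append(":".join(digest[i:i + 2] for i in range(0, len(digest), 2)))
    return prints


if __name__ == "__main__":
    print("\n".join(signing_fingerprints(SAMPLE_METADATA)))
```

The function returns a list because metadata can carry more than one signing certificate; each entry is a candidate to compare with the fingerprint configured in Helpjuice.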