Access PlanMill through Microsoft Active Directory Federation Services (ADFS) using Single-Sign On (SSO).
These instructions are intended for customers who want integrate their PlanMill authentication with Microsoft ADFS for Single-Sign On authentication.
ADFS authentication is achieved using OAuth2 and OpenID Connect to allow multiple authentication methods in the same PlanMill instance (for example customers, PlanMill support and other external or temporary users can use normal authentication and internal staff AD FS).
The ADFS Single-Sign On can be ordered as an additional service to PlanMill software (CRM, PROJECT & ERP) as follows:
- Software service (user based fee): PlanMill Single-Sign On (SSO) subscription which, will be charged monthly based on the active number of users.
- Implementation (One-time fee): PlanMill Cloud SSO for AD FS Setup Pack includes PlanMill Cloud environment (Customer instance) related configuration work.
- Consulting and other services: Will be ordered separately, if needed.
- Get a quote or order now: Send an email to firstname.lastname@example.org.
When ordering provide the following information
- When do you want to switch to using the SSO? Note that extra price may apply if switch is done outside normal service hours (9-17)
- Your ADFS server public address, e.g. https://adfs.customer.domain.com to be configured in the instance configuration by PlanMill Customer Care.
- Our customer service will send you back the GUID to be used as ClientId when you set up the ADFS client for PlanMill in your servers.
Note: Before ordering make sure, that your company has ADFS services enabled (usually you do if you have Office365, because it requires ADFS).
- Customer: Responsible for configuring their ADFS to acknowledge PlanMill oAuth2 SSO.
- PlanMill: Responsible for configuring PlanMill Cloud environment.
Add ADFS Relay Party Trust with following Identifier: https://online.planmill.com
Otherwise everything can be default.
Add Claim Rules (LDAP -> Outgoing) for Relay Party Trust:
User-Principal-Name -> E-Mail Address
You get the following event message on ADFS server:
This means that the clientid is not registered on the ADFS server. Check that the Active Directory Federation Services -service is running.