We have what you need - check out our features! - Contact us - Follow us in Twitter


Skip to end of metadata
Go to start of metadata

General information

Access PlanMill through Microsoft Active Directory Federation Services (ADFS) using Single-Sign On (SSO). 

These instructions are intended for customers who want integrate their PlanMill authentication with Microsoft ADFS for Single-Sign On authentication.

ADFS authentication is achieved using OAuth2 and OpenID Connect to allow multiple authentication methods in the same PlanMill instance (for example customers, PlanMill support and other external or temporary users can use normal authentication and internal staff AD FS). 

Pricing and ordering of the service

The ADFS Single-Sign On can be ordered as an additional service to PlanMill software (CRM, PROJECT & ERP) as follows:

  • Software service (user based fee): PlanMill Single-Sign On (SSO) subscription which, will be charged monthly based on the active number of users.
  • Implementation (One-time fee): PlanMill Cloud SSO for AD FS Setup Pack includes PlanMill Cloud environment (Customer instance) related configuration work.
  • Consulting and other services: Will be ordered separately, if needed.

Princing & ordering

  • Get a quote or order now: Send an email to sales@planmill.com.

When ordering provide the following information

  • When do you want to switch to using the SSO? Note that extra price may apply if switch is done outside normal service hours (9-17)
  • Your ADFS server public address, e.g. https://adfs.customer.domain.com to be configured in the instance configuration by PlanMill Customer Care.
  • Our customer service will send you back the GUID to be used as ClientId when you set up the ADFS client for PlanMill in your servers.

Note: Before ordering make sure, that your company has ADFS services enabled (usually you do if you have Office365, because it requires ADFS).

Responsibilities

  • Customer: Responsible for configuring their ADFS to acknowledge PlanMill oAuth2 SSO.
  • PlanMill: Responsible for configuring PlanMill Cloud environment.

Technical instructions for setting ADFS up on customer side


Add AdfsClient to authorization server (run cmd with administrator rights):

powershell Add-AdfsClient -ClientId [generated GUID] -Name PlanMill -RedirectUri https://online.planmill.com:443/[customer instance]/action_oauth_verify

Add ADFS Relay Party Trust with following Identifier: https://online.planmill.com

Otherwise everything can be default.

Add Claim Rules (LDAP -> Outgoing) for Relay Party Trust:

User-Principal-Name -> E-Mail Address

Troubleshoot

Invalid clientid:

You get the following event message on ADFS server:

This means that the clientid is not registered on the ADFS server. Check that the Active Directory Federation Services -service is running. 

To manually add the clientid follow the instructions.

Labels

adfs adfs Delete
sso sso Delete
single-sign single-sign Delete
authentication authentication Delete
microsoft microsoft Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.