Windows Azure Active Directory has become an integral part of the Microsoft cloud ecosystem, and it provides a very robust single sign-on solution for cloud applications. Most enterprise clients federate their on-premises Active Directory with cloud solutions using ADFS, so during customer implementations the question comes up quite often: can AgilePoint NX integrate with ADFS?
Yes. ADFS-backed sign-in is available as one of the native authentication options in the AgilePoint NX portal, and there is more than one way of achieving it.
Option 1: Through Windows Azure AD
You do not need to set up anything special for AgilePoint NX Server to be federated with your organization, as long as your Office 365 or Windows Azure AD tenant is already federated with your ADFS. When you first signed up for the AgilePoint trial, you were able to complete sign-up and even sign in to the portal using your Office 365 ID. That means you were already logging in to AgilePoint NX Server with a federated ID without any special configuration: authentication runs against Microsoft's Windows Azure Active Directory endpoint, which you federated with ADFS when you connected Office 365 to it. In that flow AgilePoint never sees your AD password; Azure AD redirects the browser to ADFS for the actual credential check and AgilePoint only receives the resulting token.
The only thing AgilePoint needs is permission for the AgilePoint NX portal and server to read the user's basic profile information, and you already grant that as part of the sign-up process (there were two consent screens, one for the portal and one for AgilePoint NX Server). Beyond approving those two applications during sign-up, no extra configuration is required.
In other words, as long as your Office 365/WAAD account is federated, i.e. as long as sign-in at https://login.microsoftonline.com/login.srf is redirected to ADFS for your domain, nothing special is needed for AgilePoint NX. It supports Windows Azure AD authentication, which is the same mechanism Office 365/WAAD uses; the calls to obtain an access token go through Windows Azure AD, and our application has the same status as Office 365 in that both have been granted permission to obtain tokens. Microsoft deserves credit for a very clean architecture here. You do not need an on-premises or dedicated installation for this. The only reason you would have to federate AgilePoint NX directly with ADFS is if you do not have Office 365 or Windows Azure AD, which is covered in option #2.
In fact the same logic applies to many third-party identity providers such as Okta or PingFederate: if sign-in at the following URL is protected by (federated with) your identity provider,
https://login.microsoftonline.com/login.srf
then the same sign-in will work for the AgilePoint NX portal and server as well. All the user needs to do is click the Office 365 login option or the Windows Azure AD login option to sign in.
Option 2: Directly Federate with ADFS
ADFS as such is a complex topic, and many system administrators struggle with it. The AgilePoint services team has already performed ADFS 3.0 (Windows Server 2012 R2) and ADFS 4.0 (Windows Server 2016) integrations for various clients, so it is recommended to work with them to get the configuration done properly.
However, option #1 is the one I personally recommend, as whatever you set up is not specific to AgilePoint and can be used for other cloud-based systems as well.