Accessibility Mergeti la continut
ID articol: 000027690
Last Modified Date: 05/15/2021
Access Level: Public

Plantronics Manager Pro Configuration for SSO with ADFS

Upload ADFS IDP metadata to Plantronics Manager Pro:
1. Open a browser and enter the following URL:  https://[ADFS server]/FederationMetadata/2007-06/FederationMetadata.xml (Replace “[ADFS server]” with the hostname of your ADFS server). This should trigger a download of your environments ADFS IDP metadata in the form of a .xml file.              Save the resulting file to your desktop.
2. Open a browser and log in to your Plantronics Manager Pro web console. On the left-hand side, menu select  SSO. Under Identity Provider (IDP) Parameters click Upload IDP Metadata. Select the .xml file you downloaded in the previous step. 
Image of the IDP metadata upload
3. Plantronics Manager pro will read the IDP file and pull the needed URLs. When completed, the Identity provider Issuer and Identity Provider SSO URL should be populated with your ADFS instance information (you may want to hit the refresh button if this process appears to be taking longer than a few minutes). Proceed to section Configure ADFS party trust.

Configure ADFS Party Trust:
  1. Download pm_pro_saml_metadata.xml file from Plantronics manager pro web console by clicking the Download SP Metadata button
  2. Log on to your ADFS server, and open the ADFS management console
  3. Copy the pm_pro_saml_metadata.xml file to your ADFS server desktop
  4. Click Add relying party trust and click start
  5. On the Select data source page, select Import data about the relying party from a file. Click browse and select the pm_pro_saml_metadata.xml file that you copied to the desktop of the ADFS server. Click next.
User-added image

6. Type Plantronics Manager Pro for the Display name and click Next.
User-added image
7. Choose if you would like to configure multifactor authentication. To set this up later simply select “I do not want to configure multi-factor authentication settings for this relying party at this time” and click next.
8. On the issuance authorization rules screen, select the appropriate setting for your environment. To allow all users to access PMP via ADFS select Permit all users to access this relying party. If you would like to lock down access to a specific group select Deny all users access to this relying party. Click next through the following windows to complete the wizard. The edit claims rules window should automatically open once the wizard is completed.
9. Under the Issuance Transform Rules tab click Add rule. Select the rule template Send LDAP Attributes as Claims and click next.
10. Enter a name for the claim rule such as PMP attributes and select Active Directory as the attribute store. Create the attribute mappings shown in the figure below and click finish.
User-added image

11. Back to the Edit claims rules window select Add Rule to add a second rule.
12. In the “Add Transform Claim Rule wizard” choose Transform an Incoming Claim as the claim rule template and click next.
13. In the Claim rule name field enter Email Transform. Match the settings in the rest of the form to the ones shown in the figure below and click finish.

User-added image

14. You should now have two claims rules listed in the claims rules editor (see figure below). If would like to control SSO access to PMP to a specific group configure Issuance Authorization Rules now.
User-added image