Integrating Microsoft ADFS with SAP Field Service Management


Attention: SAP Field Service Management documentation is now available at the SAP Help Portal. On 31 December 2020, docs.coresystems will no longer be available. Until that time, documentation will NOT be updated in docs.coresystems.

Intro

The following document outlines the steps required to integrate Microsoft ADFS with SAP Field Service Management.


Prerequisites

  • MS Windows Server 2008 R2 and Active Directory role.
  • ADFS 2.0. You can download the appropriate version from Microsoft.

ATTENTION: Do NOT install the ADFS role that ships with Windows Server 2008 R2, as that is ADFS version 1.1.


Add Relying Party Trust

1.) Start ADFS Management Console

2.) Navigate to AD FS 2.0 > Trust Relationships > Relying Party Trusts

3.) Click on “Add Relying Party Trust…” on the right menu.

4.) Choose “Import data about the relying party published online or on a local network”

5.) Enter the URL of the cloud’s Service Provider metadata. The URL is available in the Admin portal and has the following form: https://auth.coresuite.com/api/oauth2/v1/saml/{yourCloudAccountNameHere}/metadata

6.) Choose Display Name in the format “{environment} - account: {accountname}”

7.) Choose Permit all users to access relying party

8.) Select Finish


Configure Claim Rules

1.) After adding a Relying Party Trust, click on it in the ADFS Management Console and choose “Edit Claim Rules…”

2.) Add Rule of type “Send LDAP Attributes as Claims” and fill in the rule as shown here:

Note: it is important to use the LDAP attribute containing user email addresses (for example: E-Mail-Addresses).



3.) Add Rule of type “Transform an Incoming Claim” and fill in the rule as shown here:



4.) Click Save and close the dialogue.