Configuring SSO for Active Directory (AD) and LDAP (End User) - Server 2008/2012

Updated: 09/14/2022
Article #: 202


How to configure SSO for Microsoft Active Directory (AD) on Windows server 2008.


Part A: Configuring your Windows Server 2008/ 2012

Please be sure the following server role is installed:

- IIS (must be part of your domain / access to your domain controller)



For IIS Roles Services, please make sure to install the following:

- Application Development
- ASP.NET
- ASP
- Server Side Includes
- Windows Authentication

After you have installed the roles and services, please configure IIS Server to use "Windows Authentication".

Note: Please disable "Anonymous Authentication".

 

 

Ex)



Part B: Download the authentication script on your IIS Server that you setup above.

1. Download the ASP authentication script from: 


https://support.cayzu.com/files/1001/0C7DD7B4-FA1B-4272-9F0C-19A7F8FDC1FB/kb/topics/5829/CayzuADAuth.zip

2. Create a new folder in your IIS server root and name it "Cayzu". Ex) c:\inetpub\wwwroot\Cayzu\

3. Unzip the .zip file that you downloaded and move the adauth.asp and CAYZUHMACMD5.dll file into the folder you created in step 2. 

4. Open a command prompt (CMD) window and execute the following:

 

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe /codebase

Ex)

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe c:\inetpub\wwwroot\Cayzu\CAYZUHMACMD5.dll /codebase


Part C: Enable Simple SSO in Cayzu.

1. Login to Cayzu help desk portal with an administrative account  

2. Click on Admin (left side menu) to access the Admin section

3. Click on Single Sign On (End-User)

4. Check on "Simple SSO (Single Sign On) - End-User Portal"

5. Set the remote login url to http://yourserver/Cayzu/adauthenduser.asp (Note: Please replace yourserver with the name of your IIS Server that will be running the script that you will configure below)

 

 


Part D: Configure the ASP authentication script.

On your IIS Server:


1. Open the adauth.asp in Notepad.

2. Replace the two variables, sLdapUsername and sLdapPassword with a domain user that has READ ONLY access to all your user accounts for the LDAP lookup.

Ex)

sLdapUsername = "Cayzu\ReadOnlyAccount"

sLdapPassword  = "Password123"

3. Replace the sSharedSecret variable with your Cayzu Shared Secret token that can be found in the Admin Hub->Security Section. 

Ex)

sSharedSecret = "XYs134bf1dsfads132jknnmsd341d3"

4. Replace the sHelpdeskURL variable with your Cayzu End User Portal URL.

Ex)

sHelpDeskURL = "http://mycompany.cayzu.com"

5. Save the file.


Part E: Executing the script.

1. Open you Internet Browser, and navigate to: http://yourserver/Cayzu/adauthenduser.asp


If everything is configured correctly, your browser should auto-redirect you to your help desk and login using your Active Directory account.

Note: Now on your customer portal, you will see a link for your SSO sign in that the users can use to authenticate with.


Debugging:

If you have to debug the script, simply pass the debug parameter with a value of 1.

Ex)

https://yourserver/Cayzu/adauthenduser.asp?debug=1

 


Need more help setting up? Drop us an email at support@cayzu.com .  

Note: If you want to set up SSO for the Agent Portal (https://portal.cayzu.com), follow this FAQ.





Have more questions about Cayzu Help Desk? Check us out a https://www.cayzu.com



CayzuADAuth.zip
(4.7 KB)



Rate this Topic:
Rating: 5.00 / Votes: 1