The attached guide describes the procedure to integrate the Single-Sign-On feature of Documoto for a tenant using Microsoft Active Directory Domain Services (AD) for user account management and Active Directory Federation Services (ADFS) 2.0 for federated access control.
This configuration will allow users who are logged in to the AD Domain in your enterprise to access the Documoto service without re-authenticating. Once configured, access to the Documoto system is managed by using the standard Active Directory tools in the tenant environment without needing to manually update user records in the Documoto application.
- Note: Microsoft Windows Server 2008 R2 includes ADFS 1.0. If you have ADFS 1.0, you must uninstall it and then download and install ADFS 2.0 from this link: http://www.microsoft.com/en-us/download/details.aspx?id=10909.
- Note: Extended ADFS 2.0 configuration guides may be found on Microsoft TechNet. A deployment guide for ADFS 2.0 is linked here: http://technet.microsoft.com/en-us/library/dd807092(v=ws.10).aspx.
In those guides and in this document the following nomenclature is used:
- Account Partner: the Documoto tenant
- Resource Partner: the service you are connecting to (Documoto)
Note: This documentation assumes that you are configuring federated access to the production Documoto system (documoto.digabit.com). You may use these same instructions to configure access to the Integration environment for testing by replacing all occurrences of documoto.digabit.com with
The following diagram displays the main conceptual features of this configuration.
Note: It is possible to install ADFS and AD on the same server.
Please download the attached guide to view the complete documentation.