Configure SmartForms for Active Directory Federation Services (AD FS)

This document outlines the configuration steps necessary for enabling Active Directory Federation Services (AD FS) for K2 smartforms sites.

Prerequisites

The following prerequisites are required for configuring SmartForms for AD FS:

  • Nintex Automation
  • Token signing certificate from your Identity Provider
  • Active Directory Federation Services (AD FS) installed and configured
  • An SSL-enabled web site hosting the K2 smartforms virtual directories

High Level Configuration Steps

These high-level steps are provided for those familiar with configuring claims integration. For a detailed guide, see the Detailed Steps section below.

  1. SSL-enable the web site that hosts the smartforms virtual directories
  2. Install the Identity Provider Certificate on the server
  3. Configure the Security Provider
  4. Configure the Claim Issuer
  5. Configure the Claim Mappings
  6. Configure the Realm to Issuer Mappings
  7. Configure the product as a Relying Party Trust in AD FS for each smartforms site

Detailed Steps

Considerations

  • When the product's Identity Synchronization and Caching is used with a user who has both AD and ADFS security labels, and the user account is disabled in AD, the ADFS label stays enabled. The user still cannot be authenticated or access anything in the product, because the AD label handles authentication. This is expected behavior.