
Deploy SSO with SAML using AD FS

Created by Steve.Hawkins, last modified by Anthony.Rinaldi_ret on Jul 18, 2016


Configure SSO in Web Help Desk using Active Directory Federation Services (AD FS) to enable users who log in to the Microsoft® Exchange Server to be automatically logged in to Web Help Desk as well.

If you are using Windows Server 2008 R2, you must upgrade to AD FS 2.0. AD FS 1.0 is the default on Windows Server 2008 R2 and does not support SAML 2.0.

Before you begin

  1. Enable automatic AD logon through Microsoft Windows. Add the AD FS logon URL to the Local Intranet sites in Internet Explorer through Tools > Internet options or through your corporate group policy.
  2. Set up your SAML server. Use an identity repository (such as AD FS or Lightweight Directory Access Protocol [LDAP]) in the remote login URL for your SAML server.
  3. Enable SSL in your Web Help Desk installation. Use a certificate from a trusted certificate authority (such as GoDaddy or Verisign) or create your own certificate.

    When you create or generate a certificate, ensure that:

    • The certificates are generated in the proper order.
    • The Common Name (CN) certificate attribute only contains the fully-qualified domain name (FQDN) with no descriptions or comments. The exact value of this field is matched against the domain name of the server to verify its identity.

    See Manage Keys and Certificates for information about trusting certificates.

  4. Configure Web Help Desk and the AD FS settings separately.

    For information about configuring SSO with SAML using AD FS, see the AD FS 2.0 Step-by-Step and How To Guides located on the Microsoft TechNet website.

Configure Web Help Desk for AD FS

In the following settings, replace with your actual domain name.

  1. Log in to Web Help Desk as an administrator.
  2. Click Setup and select General > Authentication. 
  3. Click the Authentication drop-down menu and select SAML 2.0. 
  4. In the Sign-in page URL field, enter:


    To bypass external authentication, add the following to your login URL:


  5. Click Upload to apply a Verification certificate and enable SSL.

    Apply the same certificate used to sign the assertion in the of AD FS 2.0 Relying Party (RP) setting.

  6. In the Logout URL field, enter the following URL or leave this field blank to use the Web Help Desk default logout page:


    Web Help Desk redirects the users to this page to log out.

Configure SAML 2.0 on the AD FS server

  1. Enter the following AD FS 2.0 RP settings:
    • Identifier: <>/helpdesk/WebObjects/Helpdesk.woa
    • Signature: Enter the name of the certificate you uploaded to Web Help Desk in the Web Help Desk SAML configuration instructions.
    • Endpoint: Binding: POST, URL: <server IP address>/helpdesk/WebObjects/Helpdesk.woa
    • Detail: Secure hash algorithm SHA-1
  2. Enter the following AD FS 2.0 Log Out settings:

    https://<ADFS_Server_fqdn>/<domain name>/adfs/ls/?wa=wsignout1.0

    • Identifier: https://< us>/helpdesk/WebObjects/Helpdesk.woa
    • Signature: Use the same certificate as above.
    • Endpoint: SAML Logout, Binding: POST, URL:
    • Detail: Secure hash algorithm SHA-1
  3. Enter the following AD FS 2.0 Claim Mapping settings:
    • Attribute store: Active Directory 
    • LDAP attribute: Usually an email address. If your Web Help Desk client login attribute is a user name rather than an email address, use the user ID or account name instead of the email address.
    • Outgoing claim type: NameID 
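
The following is an added troubleshooting example, not part of the SolarWinds documentation: a Python check that a captured, Base64-encoded SAMLResponse from AD FS agrees with the relying party settings above (identifier, POST endpoint, SHA-1 signature, NameID claim). The hostname, account name, and function names are constructed assumptions, and the check inspects fields only; it does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
# Constructed placeholder; use the identifier and endpoint URL of your own RP.
WHD_URL = "https://whd.example.com/helpdesk/WebObjects/Helpdesk.woa"

def check_response(b64_response, identifier, endpoint, login_is_email=True):
    """List mismatches between a captured SAMLResponse and the RP settings."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw:  # SAML messages never carry a DTD; refuse to parse one
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(raw)
    problems = []
    if root.get("Destination") != endpoint:
        problems.append("Destination does not match the RP endpoint URL")
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS)
    if audience.strip() != identifier:
        problems.append("Audience does not match the RP identifier")
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("no NameID claim: check the claim mapping rule")
    elif login_is_email != ("@" in name_id):
        problems.append("NameID form does not match the WHD client login attribute")
    method = root.find(".//ds:SignatureMethod", NS)
    if method is None:
        problems.append("response carries no signature")
    elif method.get("Algorithm") != RSA_SHA1:
        problems.append("signature algorithm differs from the RP SHA-1 setting")
    return problems

def sample(destination=WHD_URL, audience=WHD_URL, name_id="jdoe@example.com",
           alg=RSA_SHA1):
    """Build a constructed response (no real signature value) for the demo."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'xmlns:ds="{NS["ds"]}" Destination="{destination}"><saml:Assertion>'
           f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           f'</ds:SignedInfo></ds:Signature><saml:Subject><saml:NameID>{name_id}'
           f'</saml:NameID></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
           f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
           f'</saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    print(check_response(sample(), WHD_URL, WHD_URL))  # matching settings
    print(check_response(sample(name_id="jdoe"), WHD_URL, WHD_URL))
```

Pass `login_is_email=False` when the Web Help Desk client login attribute is a user name, as described in the claim mapping step.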