SSO with AD FS Setup

Here's a step-by-step guide on how to set up a single sign-on (SSO) method in the NordPass Admin Panel using Microsoft Active Directory Federation Services (AD FS) as an Identity Provider (IdP).

 

1. Open the AD FS management console and select Add Application Group… in the Actions panel. 

2. Enter the desired Application Group name, choose Server application from the template list, and select Next.

3. Copy and save the self-generated value from the Client Identifier field; you will need to use it later on in the NordPass Admin Panel. Enter https://api.nordbusinessaccount.com/v1/oauth/adfs/callback in the Redirect URI field and select Add.

4. Select Next.

5. Select Generate a shared secret. Copy and save that value; you will need to use it later on in the NordPass Admin Panel. Select Next.

6. Select Next on the Summary screen.

7. Select Close on the Finish/Complete screen.

8. Select Application Groups in the AD FS management console, choose the newly created Application Group and select Properties in the Actions panel.

9. Select Add application…

10. Choose Web API from the template list and select Next.

11. Enter https://api.nordbusinessaccount.com in the Identifier field and select Add.

12. Select Next.

13. Choose Permit everyone from the access control policy list and select Next.

14. Ensure OpenID is selected in the Permitted scopes list and select Next.

15. Select Next on the Summary screen.

16. Select Close on the Finish/Complete screen.

17. Select OK.

18. The last step in the AD FS management console is to copy and save the domain URL (Federation Service name); you will need to use it later on in the NordPass Admin Panel.
Go to Service and select Edit Federation Service Properties… in the Actions panel. Copy the Federation Service name value from the newly opened window.

19. To validate OAuth and OpenID Connect credentials, the NordPass API must be able to make requests to your Federation Service instance. The URL {FEDERATION_SERVICE_DOMAIN_NAME}/adfs/oauth2/authorize/ should be accessible to api.nordpass.com: port 443 should be open and the TCP protocol allowed.

 

20. Open the NordPass Admin Panel at https://panel.nordpass.com and go to the Settings tab.

21. Select Single Sign-On (SSO) and Authentication.

22. Select Microsoft Active Directory Federation Services (AD FS).

23. Add and verify your company's domain by selecting Add Domain.

24. Enter your company's domain name and select Continue. Copy the generated DNS TXT entry and add it to your domain's DNS TXT configuration. Once added, return to the AD FS setup and select Verify.

Please note that it can take up to 72 hours to verify the domain.

25. Enter the Client Identifier (ID), Client Secret and the AD FS Domain URL that you copied and saved from the previous steps in the AD FS management console and select Test Connection.

26. Once the connection is established, you can select Turn On.

27. In the confirmation window, select Turn On to enable organization members to log in to NordPass via AD FS.

28. That's it! Next time your users go to log in to NordPass Business, they have the option to use their AD FS account.

You've now successfully configured single sign-on with your on-premises AD FS as Identity Provider and NordPass as Service Provider.
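
The reachability requirement in step 19 and the OpenID scope from step 14 can be checked before selecting Test Connection in step 25. The following is an added example, not NordPass or Microsoft code: it assumes the AD FS OpenID Connect discovery document at /adfs/.well-known/openid-configuration is published, and fs.example.com with its sample document is a constructed placeholder.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Constructed sample of an AD FS discovery document (trimmed).
# fs.example.com is a placeholder Federation Service name.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://fs.example.com/adfs",
    "authorization_endpoint": "https://fs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://fs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://fs.example.com/adfs/discovery/keys",
    "scopes_supported": ["openid", "profile", "email"],
})
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(doc_text, federation_service_name):
    """Return a list of problems; an empty list means every check passed."""
    try:
        doc = json.loads(doc_text)
    except ValueError:
        return ["discovery document is not valid JSON"]
    if not isinstance(doc, dict):
        return ["discovery document is not a JSON object"]
    problems = []
    expected_host = federation_service_name.strip().lower()
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key} is not served over HTTPS")
        # Step 19 opens TCP 443 only, so any other explicit port is flagged too.
        if url.netloc.lower() not in (expected_host, expected_host + ":443"):
            problems.append(f"{key} host is {url.netloc}, expected {expected_host} on port 443")
    auth = doc.get("authorization_endpoint")
    if not isinstance(auth, str) or urlsplit(auth).path.rstrip("/") != "/adfs/oauth2/authorize":
        problems.append("authorization_endpoint path is not /adfs/oauth2/authorize/")
    if "openid" not in (doc.get("scopes_supported") or []):
        problems.append("openid scope is not advertised")
    return problems

def fetch_discovery(federation_service_name, timeout=10):
    """Live fetch over TCP 443; run it from a host outside your network."""
    url = f"https://{federation_service_name}/adfs/.well-known/openid-configuration"
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")
```

Pass the output of fetch_discovery, called with the Federation Service name copied in step 18, to check_discovery. A connection error or timeout from an external host points to the firewall rule in step 19.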