Here's a step-by-step guide on how to set up a single sign-on (SSO) method in the NordPass Admin Panel using Microsoft Active Directory Federation Services (AD FS) as an Identity Provider (IdP).
1. Open the AD FS management console and select Add Application Group… in the Actions panel.
2. Enter the desired Application Group name, choose Server application from the template list, and select Next.
3. Copy and save the self-generated value from the Client Identifier field; you will need to use it later on in the NordPass Admin Panel. Enter https://api.nordbusinessaccount.com/v1/oauth/adfs/callback in the Redirect URI field and select Add.
4. Select Next.
5. Select Generate a shared secret. Copy and save that value; you will need to use it later on in the NordPass Admin Panel. Select Next.
6. Select Next on the Summary screen.
7. Select Close on the Finish/Complete screen.
8. Select Application Groups in the AD FS management console, choose the newly created Application Group and select Properties in the Actions panel.
9. Select Add application…
10. Choose Web API from the template list and select Next.
11. Enter https://api.nordbusinessaccount.com in the Identifier field and select Add.
12. Select Next.
13. Choose to Permit everyone from the access control policy list and select Next.
14. Ensure OpenID is selected in the Permitted scopes list and select Next.
15. Select Next on the Summary screen.
16. Select Close on the Finish/Complete screen.
17. Select OK.
18. The last step in the AD FS management console is to copy and save the domain URL (Federation Service name); you will need to use it later on in the NordPass Admin Panel.
Go to Service and select Edit Federation Service Properties… in the Actions panel. Copy the Federation Service name value from the newly opened window.
20. Open the NordPass Admin Panel at https://panel.nordpass.com and go to the Settings tab.
21. Select Single Sign-On (SSO) and Authentication.
22. Select Microsoft Active Directory Federation Services (AD FS).
23. Add and verify your company's domain by selecting Add Domain.
24. Enter your company's domain name and select Continue. Copy the generated DNS TXT entry and add it to your domain's DNS TXT configuration. Once added, return to the AD FS setup and select Verify.
Please note that it can take up to 72 hours to verify the domain.
25. Enter the Client Identifier (ID), Client Secret and the AD FS Domain URL that you copied and saved from the previous steps in the AD FS management console and select Test Connection.
26. Once the connection is established, you can select Turn On.
27. In the confirmation window, select Turn On to enable organization members to log in to NordPass via AD FS.
28. That's it! Next time your users go to log in to NordPass Business, they have the option to use their AD FS account.
You've now successfully configured single sign-on with your on-premises AD FS as Identity Provider and NordPass as Service Provider.