TIMEOFF.GURU integration with MS Active Directory

The integration between TIMEOFF.GURU and MS Active Directory is done with SAML token exchange.

TIMEOFF.GURU expects in the Assertion part of the SAML token one attribute for the username and the public key for the X.509 certificate.

Overview

The following process depicts the login in TIMEOFF.GURU via MS Active Directory authentication:

General diagram regarding the login process in the vacation management system via MS Active Directory

The Identity Provider (IdP) is Microsoft Active Directory Federation Services 2.0 (ADFS 2.0).

Configuration steps

To configure the integration between both system, the following steps need to be performed:

  1. Create web domain for the TIMEOFF.GURU system
    Usually timeoff.customer-domain.com
  2. Configure of Active Directory Federation Services (AD FS)
    More details here: https://technet.microsoft.com/en-us/library/hh305235.aspx
  3. Share the SAML X.509 certificate
    Needed to setup TIMEOFF.GURU
  4. Define login URL for SSO (Single Sign-On)
  5. Share the attribute name, containing the user name (usualy email address)
  6. TIMEOFF.GURU setup and cofiguration

Steps 1 to 5 are performed by the Active Directory administrator.