PhenixID

Step by Step – Weekdone MFA and SSO with PhenixID Authentication Services

Summary

This document will guide you through the steps to enable multi-factor authentication and Single-Sign On for Weekdone (https://weekdone.com/).

System Requirements

  • PhenixID Authentication Server 2.0 or higher
  • Weekdone administration rights
  • The users to be federated must be present in Weekdone (Manually added or automatically provisioned)

Instruction

Overview

This document will guide you through the steps to enable multi-factor authentication and Single-Sign on for Weekdone.

PhenixID Server acting as SAML IdP

  1. Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
  2. Depending on your setup, fetch the Weekdone userID value from the appropriate attribute (typically  sAMAccountName (or uid if using other LDAP directory)) on the user object.
  3. Use sAMAccountName/uid as Name ID attribute.
  4. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests”. Save.
  5. Then export your SAML IdP metadata by going to the URL:
    https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta
    and download the metadata to a xml file.
  6. Save the IDP Signing Certificate as a file (follow this instruction)
  7. Fetch the SingleSignOnService -> Location value.
  8. Fetch the SingleLogoutService -> Location value.

Configure Weekdone

  1. Login to Weekdone as a Weekdone admin (for your domain)
  2. Navigate to company settings
  3. Click Single-Sign-On (SAML2)
  4. Change these settings:
    – SAML name. Set this to your company name, for example company.
    SAML SSO URL. Set this to the SingleSignOnService -> Location value of the IdP, fetched in previous step above.
    – SAML Logout URL. Set this to the SingleLogoutService -> Location value of the IdP, fetched in previous step above.
    – X599 Certificate. Cut this out from the IDP Signing Certificate file created in previous step above. Make sure PEM header and footer (—–BEGIN.. and —–END… is not included).

    Example:

  5. Click Save changes
  6. Open a new web browser tab and go to https://weekdone.com/a/<your_saml_name>/metadata
    Example: https://weekdone.com/a/company/metadata
  7. SAML Metadata for your weekdone domain should now be presented.
    Example:

Add trust to Weekdone on PhenixID Authentication Services

  1. Login to configuration manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add Weekdone SAML SP Metadata by entering the Weekdone metadata url. (Example: https://weekdone.com/a/company/metadata)

Test

  1. Browse to your Weekdone site (Example: https://weekdone.com/a/company)
  2. This should result in a redirect to PhenixID Authentication Server
  3. Authenticate
  4. If authentication was successful, a redirect to Weekdone should occur (with SAML assertion)
  5. The user should now be logged in.

 


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se