Info |
---|
This guide covers the configuration of a Relying Party Trust in AD FS and the corresponding configuration in ResourceXpress. It does not cover the installation or initial configuration of AD FS. |
...
Navigate to the SSO Settings tab found on the System Settings page, under the Administration Settings menu header, and download the SPMetadata.xml.
...
On the Choose Access Control Policy page, select the option Permit specific group, then click the <parameter> option in the Policy window.
...
Info |
---|
The following tables list the three required claims as well as two optional claims for RFID and Access Code. The optional claims should be configured if you intend to make authenticated instant bookings on Room Screen devices and/or you will not be enabling SSO for the mobile Kiosk/Maps features. The attributes used for the optional claims can be any AD attribute; however, the value for each user must be unique. |
Required Claims
Outgoing Claim Name | LDAP Attribute |
---|---|
E-Mail-Address | |
firstname | Given-Name |
lastname | Surname |
Optional Claims
In addition to synchronising users' details, it is also possible to retrieve other attributes that can be used to populate Access Code, RFID and other values in the ResourceXpress local user's database.
To configure this you will need to add more Claims; see the table below for the optional Claims.
Claim Name | Information | LDAP Attribute |
---|---|---|
rfid | The RFID value as read by the ResourceXpress system, used for screen authentication. | |
accesscode | The user's Access Code/PIN, used for screen authentication. | custom attribute |
defaultlocation | The ID number for the Location that the user will have default access to. To get the Location ID number, navigate to the location edit screen: Administration Settings → System Settings → Locations, then select the Edit button for the correct location. | |
allowedlocation | A comma-separated list of Location ID numbers that the user has access to. To get the Location ID number, navigate to the location edit screen: Administration Settings → System Settings → Locations, then select the Edit button for the correct location. | custom attribute |
dateformat | The date format for the user. | |
roles | A comma-separated list of Role ID numbers. The default role ID values are as below. To get the Role ID number for any custom Roles, navigate to the Role edit screen: User Management → Roles, then select the Edit button for the correct role. | |
Info |
---|
New in v2021.5 HF1: If no valid optional claim mappings exist, or the value is blank, ResourceXpress will fall back and use the value that has been entered manually via the RX Admin Dashboard. To overwrite the database with a blank value, use either a zero (0) or a hyphen (-) for the Attribute. If the attribute contains any value other than a zero (0) or a hyphen (-), this value will be written to the user account the next time the user signs in via SSO. |
...
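The following PowerShell is an added example, not part of the original guide or of ResourceXpress. It checks a candidate RFID attribute against the two rules stated above: each user's value must be unique, and a blank, zero (0) or hyphen (-) is handled specially at sign-in. The sample accounts are constructed, the function names are hypothetical, and the `pager` attribute, the case-insensitive comparison and the treatment of whitespace-only values as blank are assumptions.

```powershell
# Constructed sample accounts. Against a real directory, build the same objects
# with the ActiveDirectory module, for example:
#   Get-ADUser -Filter * -Properties pager |
#       Select-Object SamAccountName, @{ n = 'rfid'; e = { $_.pager } }
# ("pager" is an assumed attribute choice; the guide allows any AD attribute.)
$users = @(
    [pscustomobject]@{ SamAccountName = 'alice'; rfid = '04A1B2C3' }
    [pscustomobject]@{ SamAccountName = 'bob';   rfid = '04a1b2c3' }  # differs from alice only by case
    [pscustomobject]@{ SamAccountName = 'carol'; rfid = '' }          # blank
    [pscustomobject]@{ SamAccountName = 'dave';  rfid = '-' }         # hyphen
    [pscustomobject]@{ SamAccountName = 'erin';  rfid = '0' }         # zero
    [pscustomobject]@{ SamAccountName = 'frank'; rfid = '04D4E5F6' }
)

function Get-ClaimSyncAction {
    # Classifies one attribute value by the v2021.5 HF1 behaviour described above.
    # Assumption: a whitespace-only value is treated the same as a blank one.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return 'KeepDashboardValue' }
    if ($Value -in @('0', '-'))               { return 'ClearStoredValue' }
    return 'WriteValue'
}

function Find-ClaimValueCollision {
    # Returns one row per value shared by two or more users. Only values that
    # would be written to the account are compared; blanks, 0 and - are skipped.
    # Group-Object compares case-insensitively by default, so values that differ
    # only by case are reported as a collision (a deliberately strict assumption).
    param([object[]]$Users, [string]$Attribute)
    $Users |
        Where-Object { (Get-ClaimSyncAction -Value ($_.$Attribute)) -eq 'WriteValue' } |
        Group-Object -Property $Attribute |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Attribute = $Attribute
                Value     = $_.Name
                Users     = ($_.Group.SamAccountName -join ', ')
            }
        }
}

# Collisions first, then how each account's value will be handled at next SSO sign-in.
Find-ClaimValueCollision -Users $users -Attribute 'rfid' | Format-Table -AutoSize
$users | Select-Object SamAccountName, rfid,
    @{ n = 'Action'; e = { Get-ClaimSyncAction -Value $_.rfid } } | Format-Table -AutoSize
```

Run the same check for the attribute mapped to `accesscode` before enabling the claim, since a shared PIN or tag value would authenticate more than one user at a Room Screen.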
Once you have configured AD FS for SSO, you will need to download the IDP MetaData file for use in ResourceXpress. To obtain this file, navigate to the URL below, replacing <ADFS-ServerName> with the FQDN of your AD FS server.
https://<ADFS-ServerName>/FederationMetadata/2007-06/FederationMetadata.xml
Download the file to a suitable location.
...