Join Free or Sign in
Share:
My Cart 0
€0.00

Single Sign On with Microsoft ADFS for Customers

SKU
Single Sign On with Microsoft ADFS for Customers
€199.00

Allow your Magento 2 Customer to login directly with Microsoft ADFS without having to go through the account creation process.

When your customergoes to the login page, they will see the option to login with Single Sign-On. They simply click the button and after logging in he will be redirected to the shop and logged in. If the user does not exist in the shop, an account will be automatically created.

You can have your customers connect to your Single Sign-On environment in no time and increase the revenue of your webshop by removing barriers.


Compatibility Details

Magento 2.4.X

Extension v1.0
Installation Instructions
composer require gogento/sso-adfs-frontend "^240.1"

Single Sign-On with Microsoft ADFS for Magento Customers

Allow your Magento 2 Customer to login directly with Microsoft ADFS without having to go through the account creation process.

When your customergoes to the login page, they will see the option to login with Single Sign-On. They simply click the button and after logging in he will be redirected to the shop and logged in. If the user does not exist in the shop, an account will be automatically created.

Our Single Sign-On solutions have been implemented in hundereds of webshops world wide, including Nokia, Canon, Castrol, Pearson, Dentons and numerous more. We have learned from every of these implementations and this is where you directly profit from

You can have your customers connect to your Single Sign-On environment in no time and increase the revenue of your webshop by removing barriers.


General Single Sign-On Configuration

Single Sign-On

The user logs in at the identity provider and the means to it no longer mean anything to the webshop itself. It does not matter if its a password authentication, biometrical, voice activated, keycoded or multi-factor. The Identity Provider Manages the login credentials.

Single Logout

When the user logs in with Single Sign-On, it's possible to tell the Identity Provider upon logout, to terminate any open sessions. This results in a global logout on all websites whre the user is logged in. This feature can be separately enabled.

Fully Pre-Configured for Microsoft ADFS

The extension is fully pre-configured so that you only have to fill in connection details and the rest will flow automatically. No manual mappings, no rocket science. Just install, follow the manual and you will have this integration running in a matter of minutes.

Works in a multi-store environment

You can enable Single Sign-On on a global level, or on a website, store and storeview level. Each level can support their own endpoints, so you can use different Azure accounts for different websites.

Frontend Firewall

Some companies dont want their website to be visible to customers prior to logging in. You can make your website a private website which will immediately redirect to the linked identity provider. After logging in, the customer can see the website.

Firewall Whitelisting

There are situations where you want pages to be visible to anyone, for example contact or help pages. You can set pages to be whitelisted and you can maintain a list of IP's which are not affected by the frontend firewall so they can navigate the website without having to login.



What is Microsoft ADFS

Microsoft ADFS is an enterprise solution which includes identity management for your employees, business relations and other involved parties.

You maintain all your business customers in Active Directory while Magento integrates with it and synchronizes the settings needed to login.

All you have to do is install Active Directory Federation Services on your Microsoft Windows Server and connect it to your Active Directory.

It works with SAML2 being the most secure and reliable solution.

Microsoft ADFS Plugin for Active Directory

A Selection of Identity Providers We Work With


Microsoft Azure Integration
The newer version of Microsoft Active Directory exposure has simplified the integration for both sides of the connection a lot. Being less strict and easier to setup, an integration with Azure is equal to that of ADFS. It's a new interface built on top of the old Active Directory Federation Services.

Microsoft ADFS Integration
The original integration with ADFS is simply the process of setting the right metadata url's, certificates and attributes on both sides. After that it's a very reliable and consistent integration using the super secure SAML2 protocol.


OneLogin Integration
OneLogin has excellent SAML2 support and has a broad spectrum when it comes to mapping the data from your Identity Management to Magento 2. A straight forward but fully functional solution which a multitude of our customers use.


ForgeRock Integration
Formerly known as OpenAM, this identity provider is very suitable for large enterprises. We've implemented OpenAM and Forgerock for a large Australian client in no time.


Auth0 Integration
A Large selection of our customers use Auth0 for both their production environments and for testing. It allows you to setup connections with both SAML2 aswell as OAuth2 quickly and securely. The integrations which Auth0 offers with external solutions are very broad, making this a fine selection for a lot of our customers.

Okta Integration
Enterprise level identity management in the cloud. We've integrated a market leaders to Okta for a few years now and the integration is straight forward. Being one of the largest companies for Identity Management, they've proven themselves to be a powerful solution.


Google Integration
Google is one of the largest Identity Providers in the world today. Integrating with mainly OAuth2 and used by both business and personal users. Nearly every person in the world has a user account, available to login with these days.



SalesForce Integration
Originally a platform to maintain your sales process and customer relations, SalesForce has become a very feature-rich platform with solid integrations. They have a SAML2 integration available which we use.

Installation and Upgrade Details

We do not provide direct download links of our extensions as they are not needed and bad practise. Installing and maintaining the latest updates of your extensions using composer is the best and safest solution. If you do need a manual download, feel free to contact us for aid.

Installing an extension is the same process as upgrading an extension. You can run the exact same composer require command as you do with the installation with the new version set, to upgrade the extension


Step 1 - Setup composer authentication

To install our extensions you need to first setup the composer repository for your account.
You don't need to do this after every purchase, just after the very first purchase you make in our webshop. Your composer URL can be found in your account details and can be setup with composer by executing this command on your server in your Magento 2 root:

composer config repositories.gogento composer https://gogento.com/composer/customer/[your-composer-secret]

These instructions can also be found in your account details


Step 2 - Install the right version

Now find the closest version matching your Magento 2 installation and run the composer require command below.


Magento 2.4.X

Extension v1.0
composer require gogento/sso-adfs-frontend "^240.1"

Step 3 - Post Installation

After the extension installation you can proceed with the default deployment commands which are run after adding a new extension.

1. Upgrading the database schema

bin/magento setup:upgrade
2. Verify your deployment mode
bin/magento deploy:mode:show
3. Run if the above command returns "production"
bin/magento setup:di:compile
bin/magento setup:static-content:deploy [your locales]
4. Wrap up the deployment
bin/magento index:reindex
bin/magento cache:clean

10-09-2020 10:33:57

v1.0 for Magento 2.4.0

Created Initial ADFS SSO for the frontend
Recommended Installation Instructions
composer require gogento/sso-adfs-frontend "^240.1"
Fixed Version Installation Instructions
composer require gogento/sso-adfs-frontend "~240.1.0"

18-09-2020 03:54:24

v1.1 for Magento 2.4.0

Fixing code capitalization
Recommended Installation Instructions
composer require gogento/sso-adfs-frontend "^240.1"
Fixed Version Installation Instructions
composer require gogento/sso-adfs-frontend "~240.1.1"


General Single Sign-On Configuration

Send customer registration welcome email on first login

When the account is created in the webshop, after a first login, you have the option to automatically send the welcome email which a customer would get on a normal registration. Generally you should set this to yes if you are running a business to consumer webshop.

CMS Page for failed login

When the login fails because the customer registration cannot be completed, we set a landing page that the customer will be directed to. Usually if SSO fails, it means incomplete data at the identity provider, so therefor instructions to request support can be given on the landing page.

Website visible for guests

In some occasions you want your webshop only to be visible to users who are logged in. If you set this to yes, the webshop will immediately redirect to the identity provider when the customer lands on any landingpage which is not set public. If you set this setting to "no", a whitelist option appears.


General SSO Settings


Single Sign-On Configuration In Magento

Entity ID

It's the easiest to set this to https://[your-store.com]/. You will need this in the trust relationship configuiration in the next step

Federation Metadata Endpoint

Fill this in as: https://[your-adfs-server-domain]/federationmetadata/2007-06/federationmetadata.xml

Single Sign-On Binding And Single Logout Binding

Keep this setting at the default, you do not need to change it. This is changeable because some users use specific binding settings in Azure. But if you changed this setting in Azure, you can enforce the binding used in these settings.

Solution Enabled

Go to the right scope where you want to enable Single Sign-On and set this setting to Yes, to enable it for that specific website or store.


Set the ADFS Frontend Login to enabled and save the configuration.


Single Sign-On Configuration In ADFS

Logon to your ADFS Server, open the ADFS Plugin

Click "Add Relying Party Trust" on the right side.

When asked, fill in the Entity ID which you set in the previous step.

The Service Provider Metadata URL is https://[your-store.com]/saml/metadata/adfs


Save the Configuration and go to the shop customer login

Magento 2 Frontend Login ADFS

After the connection has been setup, the customer will see a login button on the login and the register page.

The customer can click this button and the redirect to Microsoft ADFS will happen.



ADFS Login Screen