AADFS configuration

Before setting up the configuration, make sure that a service account with access to the necessary groups in Active Directory has been created.

The AADFS configuration file (config.json) consists of three segments: 

  1. The general sync info and credentials (mandatory) 
  2. The user sync info
  3. The host sync info 

Below is an explanation of each segment as well as a guide on how to create the correct structure based on different use cases for the AADFS sync. 

*TIP: It is recommended to use Notepad++ when editing an AADFS config.json file.

 

Difference between users and hosts

When setting up the AADFS sync configuration, it is important to distinguish between users and hosts. In AskCody services, users are accounts with access based on roles and memberships, for example Meeting+ Users and Welcome+ receptionists. Hosts, on the other hand, are only used in Welcome+.


The AADFS configuration .json file

A sample AADFS configuration file is automatically generated after installation and the initial run of the service. The config.json file is placed in the following folder on the server:

%USERPROFILE%\AppData\Roaming\AskCody\ActiveDirectory\ForwardingService

The configuration file is written in JavaScript Object Notation (JSON), a lightweight alternative to XML.   

 

 

Segment 1: General sync info and credentials

This segment is a mandatory part of every config file and consists of the following lines of information: 

  • "configured": This must always be set to the value of true.
  • "endpoint": This is the endpoint of the sync in AskCody's platform and must point to "https://sync.onaskcody.com/active_directory/".
  • "interval": This is the time interval between each sync, measured in seconds. The default is 3600, which corresponds to 1 hour.
  • "sync":
    • "id": The name of the sync in AskCody Manager > Admin Center > Connection > Syncs.
    • "token": The token generated in AskCody Manager > Admin Center > Connection > Syncs (this is the link between the service and AskCody).
    • "account": 
      • "hostname": This is the address of the AD server. LDAP:// must be included in front of the address.
      • "password": The password for the service account that can access user data in AD. If the service account with access to AD is the same user that is running the service on the Windows server, the password should NOT be added to the config file.
      • "username": The username for the service account that can access user data in AD. If the service account with access to AD is the same user that is running the service on the Windows server, the username should NOT be added to the config file.

Segment 2: User sync info

  • "users": 
    • "groups": This is the name(s) of the AD security group(s) that should be included in the sync of users. If all groups are a part of the same overall group, then you only have to write the name of the overall group.
    • "attributes": This is specifically for customers that want to use a specific attribute from AD as the cost center ID for Meeting+ users. 
    • "tags": Tags are used to assign access roles, reception membership and provider membership to the AD security group(s).

Segment 3: Host sync info 

  • "hosts":
    • "groups": This is the name(s) of the AD security group(s) that should be included in the sync of users. If all groups are a part of the same overall group, then you only have to write the name of the overall group.
    • "tags": Tags are used to assign the users in the AD security group(s) as hosts to the specified reception(s). 

Templates and examples 

Attached to the bottom of this article are the following three templates: 

  1. An AADFS config file for both user and host sync
  2. An AADFS config file for user sync only
  3. An AADFS config file for host sync only

Also attached to this article are a few examples of how to structure an AADFS config file with different levels of complexity. 

Below is a list of all the tags used to assign user roles and memberships: 

User Roles

  • "ROLE_OWNER", - grants access to all functionality in AskCody Admin Center and Manager.

  • "ROLE_MEETING_USER", - grants access to the Meeting+ apps.

  • "ROLE_MEETING_DELEGATE", - grants access to the Meeting+ apps on behalf of other accounts within the organization.

  • "ROLE_MEETING_ADMIN", - grants access to all functionality in Meeting+ Admin Center.

  • "ROLE_MEETING_PROVIDER", - grants access to deliveries, items, and terms in Meeting+ Manager.

  • "ROLE_MEETING_ACCOUNTANT", - grants access to cost centers and settlements in Meeting+ Manager.

  • "ROLE_ROOMFINDER_SEARCH_SPECIFIC_ROOMS", - grants access to search specific rooms in the Workplace Add-in (We have renamed the Add-in from RoomFinder to Workplace Add-in).

  • "ROLE_ROOMFINDER_MANAGER", - grants access to Resources in the AskCody Management Portal. (We have renamed the Add-in from RoomFinder to Workplace Add-in).

  • "ROLE_ROOMFINDER_ADMIN", - grants access to all functionality in Resources in the AskCody Admin Center. (We have renamed the Add-in from RoomFinder to Workplace Add-in).

  • "ROLE_TODAY_MANAGER", - grants access to Today+ Manager.

  • "ROLE_TODAY_ADMIN", - grants access to all functionality in Today+ Admin Center.

  • "ROLE_ACTIVITYVIEW_MANAGER", - grants access to ActivityView Manager.

  • "ROLE_ACTIVITYVIEW_ADMIN", - grants access to all functionality in ActivityView Admin Center.

  • "ROLE_WELCOME_RECEPTIONIST", - grants access to contacts and guests in Welcome+ Manager.

  • "ROLE_WELCOME_ADMIN", - grants access to all functionality in Welcome+ Admin Center.

  • "ROLE_CONNECT_ADMIN", - grants access to all Connect Manager functionality in Admin Center.

  • "ROLE_WORKPLACE_CENTRAL_USER", - grants access to all functionality in Workplace Central manager.

  • "ROLE_WAYFINDER_ADMIN", - grants access to all functionality in WayFinder Manager.

  • "ROLE_INSIGHTS_ADMIN", - grants access to all functionality in Insights Manager.

User Memberships

  • "COST_CENTER_GROUP_MEMBERSHIP:<ID>", - assigns them to the Meeting+ cost center group with the given ID.

  • "DELIVERY_PROVIDER_MEMBERSHIP:<ID>", - assigns them to the Meeting+ delivery provider with the given ID.

  • "RECEPTION_MEMBERSHIP:<ID>", - assigns them to the Welcome+ reception with the given ID.

Host Assignments 

  • "RECEPTION_ASSIGNMENT:<ID>", - assigns them to the Welcome+ reception with the given ID.
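
A pre-deployment check for a config.json, as an added example that is not AskCody's own code: it verifies the mandatory segment, flags a stored AD password, and validates every tag against the lists above. Assumptions: the JSON nesting follows the bullet indentation in this article, "users" and "hosts" are top-level objects whose "groups" and "tags" are arrays of strings, and the warning on ROLE_OWNER and *_ADMIN tags is a review heuristic of this example; lint and all sample values are made up.

```python
import json

ENDPOINT = "https://sync.onaskcody.com/active_directory/"
# Role and membership tags exactly as listed in the article.
ROLES = {"ROLE_" + r for r in """OWNER MEETING_USER MEETING_DELEGATE MEETING_ADMIN
    MEETING_PROVIDER MEETING_ACCOUNTANT ROOMFINDER_SEARCH_SPECIFIC_ROOMS
    ROOMFINDER_MANAGER ROOMFINDER_ADMIN TODAY_MANAGER TODAY_ADMIN
    ACTIVITYVIEW_MANAGER ACTIVITYVIEW_ADMIN WELCOME_RECEPTIONIST WELCOME_ADMIN
    CONNECT_ADMIN WORKPLACE_CENTRAL_USER WAYFINDER_ADMIN INSIGHTS_ADMIN""".split()}
PREFIXES = {"users": ("COST_CENTER_GROUP_MEMBERSHIP", "DELIVERY_PROVIDER_MEMBERSHIP",
                      "RECEPTION_MEMBERSHIP"),
            "hosts": ("RECEPTION_ASSIGNMENT",)}

def lint(text):
    """Return (severity, message) findings for the text of one config.json."""
    cfg = json.loads(text)
    sync = cfg.get("sync") or {}
    acct = sync.get("account") or {}
    checks = [
        (cfg.get("configured") is True, '"configured" must be true'),
        (cfg.get("endpoint") == ENDPOINT, '"endpoint" must be ' + ENDPOINT),
        (sync.get("id") and sync.get("token"), "sync id or token is missing"),
        (str(acct.get("hostname", "")).startswith("LDAP://"), "hostname lacks LDAP://")]
    out = [("error", msg) for ok, msg in checks if not ok]
    if acct.get("password"):  # clear text for anyone who can read the file
        out.append(("warn", "AD password is stored in config.json"))
    for section in ("users", "hosts"):
        entry = cfg.get(section) or {}
        for tag in entry.get("tags", []):
            name, sep, ident = tag.partition(":")
            if section == "users" and not sep and name in ROLES:
                # Broad roles: review who is in the AD group before syncing.
                if name == "ROLE_OWNER" or name.endswith("_ADMIN"):
                    out.append(("warn", f"{name} -> {entry.get('groups')}"))
            elif not (name in PREFIXES[section] and ident and ident != "<ID>"):
                out.append(("error", f"{section}: invalid tag {tag!r}"))
    return out

# Constructed sample with deliberate mistakes; every value is made up.
SAMPLE = json.dumps({
    "configured": True, "interval": 3600,
    "endpoint": "http://sync.onaskcody.com/active_directory/",
    "sync": {"id": "example-sync", "token": "EXAMPLE-TOKEN", "account": {
        "hostname": "dc01.example.test", "username": "svc", "password": "x"}},
    "users": {"groups": ["All-Staff"], "tags": [
        "ROLE_MEETING_USER", "ROLE_OWNER", "ROLE_MEETING_ADMINS"]},
    "hosts": {"groups": ["Hosts"], "tags": [
        "RECEPTION_ASSIGNMENT:<ID>", "ROLE_MEETING_USER"]}})
print(*lint(SAMPLE), sep="\n")
```

The sample yields five errors (http endpoint, hostname without LDAP://, a misspelled role, an unfilled <ID> placeholder, a role tag under "hosts") and two warnings (stored password, ROLE_OWNER mapped to a broad group).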

 
