Configuring BoldSign Single Sign-On (SSO) Integration with Active Directory Federation Services (AD FS) Using OpenID

This process enables the BoldSign application to integrate with Active Directory Federation Services (AD FS), allowing users to sign in seamlessly using Single Sign-On (SSO).

Set Up an Application Group in AD FS

  • Open the Server Manager dashboard on your Windows Server hosting AD FS.
  • Navigate to Tools and select AD FS Management.

Server Manager dashboard

  • Click AD FS Management to open the AD FS management console, as shown below.

AD FS Management

  • On the left pane, select Application Groups.
  • Then click Add Application Group on the right pane.

Application Groups

  • Name the application group (e.g., “BoldSign SSO”) and choose the Server application accessing a web API template.
  • Click the Next button to proceed.

Server application accessing a web API

  • Copy the generated Client Identifier to a separate location. This value needs to be configured on both the Web API page in the wizard and the BoldSign SSO configuration page.

Client Identifier

URL

  • Select the Generate a shared secret option in Configure Application credentials.
  • Once the secret value is generated, copy the value, and save it in a secure location. You will not be able to access the value again. It will serve as the Client Secret in BoldSign SSO configuration.
  • Then click the Next button to proceed.

Generate a shared secret

  • In the Identifier field, enter the previously noted Client Identifier, then click the Add and Next buttons.

Client Identifier

  • Choose an appropriate policy, such as Permit everyone or Permit everyone and require MFA based on your requirements.
  • Click the Next button to proceed.

policy

  • Select the openid and allatclaims scopes in permitted scopes and click the Next button.

openid and allatclaims

  • Review and complete the wizard to create the application group.
  • Select the application group you created (e.g., BoldSign SSO), then right-click it and select Properties.

Properties

  • On the Properties page, select Web API and click Edit.

Web API

  • On the Web API Properties page, select the Issuance Transform Rules tab.

Issuance Transform Rules tab

  • On the Issuance Transform Rules tab, click Add Rule.
  • The Add Rule window opens as shown below. On the Choose Rule Type page, select Send LDAP Attributes as Claims as the claim rule template and click Next.

Send LDAP Attributes as Claims

  • On the Configure Rule page, enter a name (e.g., Email) for the claim rule.

Configure Rule

  • In Attribute store, select Active Directory.

Attribute store

  • In the LDAP Attributes column, select E-Mail-Addresses, and in the Outgoing Claim Type column, select E-Mail-Address. Then click the Finish button.

 LDAP Attributes column

  • The Web API Properties page displays. On the Web API Properties page, click Apply and OK.

Web API Properties page

Configure AD FS Client ID and secret for BoldSign application using OpenID

  • Sign in to the BoldSign application https://app.boldsign.com/.
  • Then, expand the Settings menu and select the Single Sign-On option.
  • On the Single Sign-On page, select the Open Id option.
  • Next, enter your AD FS application Client Id and Client Secret Value in the designated fields.
  • In the Authority field, enter the URL for your AD FS server using the following format:
    https://{Your AD FS server domain}/adfs
    Replace {Your AD FS server domain} with your AD FS server’s domain name.

SSO page

  • Then click the Save button to apply the settings.
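
Before saving, it is worth confirming that the Authority value resolves to consistent OpenID metadata. The following is an added example, not part of the original article or of BoldSign's code: it derives the standard OpenID Connect discovery URL from the Authority and checks the returned document against the settings chosen above. The host adfs.example.com and the sample document are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "allatclaims"}  # scopes permitted in the AD FS wizard
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(authority):
    """OIDC discovery document location for an Authority like https://host/adfs."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def fetch_discovery(authority, timeout=10):
    """Download the metadata from a live AD FS server (not called on import)."""
    with urllib.request.urlopen(discovery_url(authority), timeout=timeout) as resp:
        return json.load(resp)


def check_discovery(authority, doc):
    """Return a list of problems; an empty list means the metadata is consistent."""
    problems = []
    auth = urlsplit(authority.rstrip("/"))
    if auth.scheme != "https":
        problems.append("authority is not https")
    if doc.get("issuer", "").rstrip("/") != authority.rstrip("/"):
        problems.append("issuer does not match authority")
    for key in ENDPOINT_KEYS:
        ep = urlsplit(doc.get(key, ""))
        if ep.scheme != "https" or ep.hostname != auth.hostname:
            problems.append(f"{key} is missing, not https, or on another host")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample metadata for a hypothetical host adfs.example.com.
SAMPLE_AUTHORITY = "https://adfs.example.com/adfs"
SAMPLE_DOC = {
    "issuer": "https://adfs.example.com/adfs",
    "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.com/adfs/discovery/keys",
    "scopes_supported": ["openid", "profile", "email", "allatclaims"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_AUTHORITY, SAMPLE_DOC) or "metadata looks consistent")
```

Against a real server, pass the result of fetch_discovery(authority) to check_discovery in place of the sample document.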

After configuring SSO for the BoldSign organization, please note that you will not be able to delete this configuration. However, you can modify your client’s details and authorization types as needed. Additionally, any new users invited to join the organization must accept their invitation through the designated organization only.

Invite new users to join the BoldSign organization

  • Go to the Users page in your BoldSign admin account.
  • Click the Invite users button to add a new user.
  • Then, enter the email address of the user you want to invite, which should be associated with your AD FS.
  • Once you have added all the necessary users, click the Add button, followed by the Invite button to send out the invitations through email.

Invite users

Accepting an invitation to join a BoldSign organization with SSO configuration

  • Open the email inbox and find the invite link.

Invitation link

  • Click Accept Invitation to open the BoldSign sign-in page.
  • Click Log into your Organization’s Name and you will be redirected to the configured provider site for login.

Log in

  • You will be directed to the AD FS server login page. Enter your AD FS credentials and click Sign in.
  • Once you have successfully logged in, you will be directed to the BoldSign account stay sign-in page. Click Yes, keep me signed in to stay signed in or No to skip.

stay sign-in page

  • After selecting the required option, you will be directed to the Basic Info page where you need to fill in your First Name, Last Name, and Phone Number fields. Then, click Proceed.

Basic Info page

  • You have now successfully logged into the BoldSign dashboard, where you can start using the application.

 BoldSign dashboard

BoldSign application sign in with SSO

  • Open BoldSign and click Sign In with SSO to proceed.

Sign In with SSO option

  • In the Organization Email textbox, enter the email address associated with your SSO account and click the Continue button to proceed.

Organization Email textbox

  • You will be redirected to the AD FS login page. Enter your AD FS Username and Password, then click Sign In.
  • After successfully logging in, you will be redirected to the BoldSign Stay signed in page. Click Yes to stay signed in for 30 days or No to skip.

Stay signed in page.

  • You will now be redirected to the BoldSign dashboard page.