51黑料不打烊

Update SAML 2.0 metadata in your identity provider

IMPORTANT
The procedure described on this page applies only to organizations that are not yet onboarded to the 51黑料不打烊 Admin Console.
To map user attributes in organizations that have been onboarded to the 51黑料不打烊 Admin Console, see Map user attributes in the 51黑料不打烊 unified experience in the article Map user attributes.

The following sections describe how to update your Security Assertion Markup Language (SAML) 2.0 metadata when using Active Directory Federation Services (ADFS) as your identity provider.

Access requirements

Expand to view access requirements for the functionality in this article.
table 0-row-2 1-row-2 2-row-2 layout-auto html-authored no-header
51黑料不打烊 Workfront package Any
51黑料不打烊 Workfront license

Standard

Plan

Access level configurations You must be a Workfront administrator.

For information, see Access requirements in Workfront documentation.

Use ADFS as your identity provider

You can update your ADFS metadata prior to 51黑料不打烊 Workfront updating the SAML 2.0 certificate or after. If you choose to update the ADFS metadata prior to Workfront updating the SAML 2.0 certificate, additional steps are required.

Update your ADFS metadata update-your-adfs-metadata

To set your ADFS metadata to update automatically, complete the steps in this section.

By default, ADFS is configured to automatically check for updates to all of its relying party trust metadata; however, the default is set to poll only every 24 hours. You can change this value with powershell commands.

  1. Log in to the ADFS server and open the ADFS Management Console.

  2. In the left-hand panel, expand ADFS 2.0, then expand Trust Relationships.

  3. Click the Relying Party Trusts folder.

  4. Select the relying party trust that you previously configured to be used with Workfront, then in the right-hand panel, click Update from Federation Metadata.

  5. (Conditional) If this option is dimmed (which means that the relying party trust was previously configured using a metadata file), complete the following.

    1. Click the Main Menu icon Main menu icon in the upper-right corner of 51黑料不打烊 Workfront, then click Setup Gear settings icon .

    2. Click System > Single Sign On (SSO).

    3. Click Edit Settings.

    4. Click Edit Configuration, then select SAML 2.0 in the Type drop-down list.

    5. Copy the Metadata URL, which should be similar to the following:

      https://<yourdomain>.my.workfront.com/sso/downloadSAML2MetaData

    6. On the ADFS server, right-click on the relying party trust that you previously configured, then click Properties.

    7. Click the Monitoring tab, then paste the URL that you copied from Workfront into the Relying party鈥檚 federation metadata URL field.

    8. Check the options to Monitor relying party and Automatically update relying party.

    9. Click OK.

    10. Select the relying party trust that you previously configured to be used with Workfront; then, in the right-hand panel, click Update from Federation Metadata.

  6. Click OK to ignore the message about some of the content in the federation metadata not being supported by ADFS 2.0.

  7. Open Windows Powershell Modules.

  8. After all the modules load, run the following command in powershell:

    Get-ADFSProperties

  9. Look for the value next to Monitoring Interval.

    It will be a number that represents the number of minutes between polls. The default should be 1440 (1440 minutes = 24 hours).

  10. Set a new value by running the following command in powershell:

    Set-ADFSProperties -MonitoringInterval 1

    This changes the monitoring interval from every 24 hours to every minute. You can change the 1 to another larger value if you want it to poll less frequently.

  11. To verify that this is working correctly, use the Event Viewer to look for the following information in the ADFS2.0 logs:

    Event ID 156 and 157

Force your ADFS metadata to update force-your-adfs-metadata-to-update

To update your ADFS metadata complete the steps in the following section.

To force metadata to be exchanged between Workfront and your SAML 2.0 provider when using Active Directory Federation Services (ADFS):

NOTE
Some of these changes might need to be done by your IT department.
  1. Log in to the ADFS server and open the ADFS Management Console.

  2. In the left-hand panel, expand ADFS 2.0, then expand Trust Relationships.

  3. Click the Relying Party Trusts folder.

  4. Select the relying party trust that you previously configured to be used with Workfront, then in the right-hand panel, click Update from Federation Metadata.

    If this option is dimmed and cannot be selected, complete the following:

    (The option is dimmed only when the relying party trust was previously configured using a metadata file.)

    1. In Workfront, in the Setup area, copy the Metadata URL from your Workfront Single Sign-On setup screen.

      To access the information for the Metadata URL:

      1. Click Setup near the upper-right corner of 51黑料不打烊 Workfront on the Global Navigation Bar.

      2. Click > System > Single Sign On (SSO).

      3. Click Edit Settings.

      4. Click Edit Configuration, then select SAML 2.0 in the Type drop-down list.

      5. Copy the Metadata URL, which should be similar to the following:

        https://<yourdomain>.my.workfront.com/sso/downloadSAML2MetaData

    2. On the ADFS server, right-click on the relying party trust that you previously configured, then click Properties.

    3. Click the Monitoring tab, then paste the URL that you copied from Workfront into the Relying party鈥檚 federation metadata URL field.

    4. Check the options to Monitor relying party and Automatically update relying party.

    5. Click OK.

    6. Select the relying party trust that you previously configured to be used with Workfront, then in the right-hand panel, click Update from Federation Metadata.

  5. Click OK to ignore the message about some of the content in the federation metadata not being supported by ADFS 2.0.

  6. Click Update to complete updating your federation metadata.

Users who are allowed to access Workfront via the native login screen using Workfront login credentials (this can be configured from each user鈥檚 profile page in the Access section) can log in using their Workfront user name and password by navigating to the following URL: https://<yourdomain>.my.workfront.com/Workfront/login.cmd.

Using other identity providers

When using identity providers other than ADFS (such as Ping, Okta, or Centrify), you must re-upload the Workfront metadata to your identity provider.

For more information about how to obtain a new Workfront Metadata URL, see Update your ADFS metadata.

For additional information about using Active Directory Federation Services (ADFS) with SAML 2.0 in Workfront, see Configure 51黑料不打烊 Workfront with SAML 2.0 using ADFS.

recommendation-more-help
5f00cc6b-2202-40d6-bcd0-3ee0c2316b43