Add ADFS as a Custom Authentication Provider

The Custom ADFS provider allows you to configure your own custom federation between the Polycom Cloud Services and your company's Active Directory-based user authentication service, tailoring the scope and duration of the federation to suit your needs.

Procedure

  1. In the Polycom Cloud Services portal, go to Administration > Authentication Providers.
  2. In the Custom Authentication Providers section, click ADFS (Inactive).
  3. Register the Polycom Cloud Services as an OAuth 2.0 client. Your Active Directory administrator should register the service using the Callback URL (see table below).
  4. Configure the required fields for the authentication provider.
    Table 1. ADFS

    Setting: Description

    Name: Authentication provider name.
      Note: Your users see this name when they sign in using the Polycom Pano App.

    Client ID: Client Application ID used to register the Polycom Cloud Services as an ADFS OAuth 2.0 client.
      Note: Your Active Directory administrator will create this as part of performing the registration. It is a Globally Unique Identifier (GUID), so any GUID generator can be used to create it.

    Client Secret: OAuth 2.0 client secret that is created as part of registering the Polycom Cloud Services as an ADFS OAuth 2.0 client. Your Active Directory administrator will provide this to you.
      Note: Make sure you save the Client Secret in a secure location. Once you have entered the Client Secret, you can't retrieve it from the Polycom Cloud Services portal.

    Callback URL: This is a read-only field. Supply the Callback URL to your Active Directory administrator, as it is required for registering the Polycom Cloud Services as an ADFS OAuth 2.0 client.

    Authorization URL: Your Active Directory administrator will provide this to you. It is typically in the form of https://<company-adfs-domain>/adfs/oauth2/authorize

    Token URL: Your Active Directory administrator will provide this to you. It is typically in the form of https://<company-adfs-domain>/adfs/oauth2/token

    Logout Redirect URL: Your Active Directory administrator will provide this to you. It is typically in the form of https://<company-adfs-domain>/adfs/ls/?wa=wsignout1.0

    Resource: Your Active Directory administrator will provide this to you. It is registered as the "Identifier" parameter of the Relying Party Trust in ADFS, for example, https://<myapplication>
  5. Click Save.
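
A pre-flight check for the values in Table 1, run before they are entered in the portal. This is an added example, not Polycom code: the function name, the dictionary keys and the sample values are constructed for illustration. It assumes all three endpoints sit on the same ADFS host, as the table's <company-adfs-domain> placeholder suggests, and since the table gives only the typical URL forms, a path finding is a prompt to confirm the value with your Active Directory administrator rather than a definite error.

```python
import uuid
from urllib.parse import parse_qs, urlsplit

# Typical endpoint paths, taken from the settings table above.
TYPICAL_PATHS = {
    "authorization_url": "/adfs/oauth2/authorize",
    "token_url": "/adfs/oauth2/token",
    "logout_redirect_url": "/adfs/ls/",
}

# Constructed sample values (not real credentials or hosts).
SAMPLE = {
    "client_id": "6f1c2a9e-3b47-4d0a-9c5e-2f8b7a1d4e63",
    "client_secret": "constructed-placeholder-secret",
    "authorization_url": "https://adfs.example.com/adfs/oauth2/authorize",
    "token_url": "https://adfs.example.com/adfs/oauth2/token",
    "logout_redirect_url": "https://adfs.example.com/adfs/ls/?wa=wsignout1.0",
    "resource": "https://myapplication.example.com",
}

def check_adfs_settings(cfg):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    try:
        uuid.UUID(str(cfg.get("client_id", "")))  # Client ID is a GUID
    except ValueError:
        findings.append("client_id: not a GUID")
    for key in ("client_secret", "resource"):
        if not cfg.get(key):
            findings.append(f"{key}: empty")
    hosts = set()
    for key, path in TYPICAL_PATHS.items():
        raw = str(cfg.get(key, ""))
        if any(c.isspace() for c in raw):  # e.g. a space pasted inside the URL
            findings.append(f"{key}: contains whitespace")
            continue
        url = urlsplit(raw)
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key}: must be an absolute https URL")
            continue
        hosts.add(url.hostname.lower())
        if url.path != path:
            findings.append(f"{key}: path differs from typical {path}")
    signout = parse_qs(urlsplit(str(cfg.get("logout_redirect_url", ""))).query)
    if signout.get("wa") != ["wsignout1.0"]:
        findings.append("logout_redirect_url: missing wa=wsignout1.0")
    if len(hosts) > 1:  # endpoints split across hosts deserve a second look
        findings.append("endpoints on different hosts: " + ", ".join(sorted(hosts)))
    return findings

if __name__ == "__main__":
    print(check_adfs_settings(SAMPLE) or "no findings")
```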