Upload ADFS IDP metadata to Plantronics Manager Pro:
Plantronics Manager Pro Configuration for SSO with ADFS
Article ID :
1. Open a browser and enter the following URL:
https://[ADFS server]/FederationMetadata/2007-06/FederationMetadata.xml (Replace “[ADFS server]” with the hostname of your ADFS server). This should trigger a download of your environments ADFS IDP metadata in the form of a .xml file. Save the resulting file to your desktop.
2. Open a browser and log in to your Plantronics Manager Pro web console. On the left-hand side, menu select
Identity Provider (IDP) Parameters click
Upload IDP Metadata. Select the .xml file you downloaded in the previous step.
3. Plantronics Manager pro will read the IDP file and pull the needed URLs. When completed, the
Identity provider Issuer and
Identity Provider SSO URL should be populated with your ADFS instance information (you may want to hit the refresh button if this process appears to be taking longer than a few minutes). Proceed to section
Configure ADFS Party Trust:
- Download pm_pro_saml_metadata.xml file from Plantronics manager pro web console by clicking the Download SP Metadata button
- Log on to your ADFS server, and open the ADFS management console
- Copy the pm_pro_saml_metadata.xml file to your ADFS server desktop
- Click Add relying party trust and click start
- On the Select data source page, select Import data about the relying party from a file. Click browse and select the pm_pro_saml_metadata.xml file that you copied to the desktop of the ADFS server. Click next.
Plantronics Manager Pro
7. Choose if you would like to configure multifactor authentication. To set this up later simply select “I do not want to configure multi-factor authentication settings for this relying party at this time” and click next.
8. On the issuance authorization rules screen, select the appropriate setting for your environment. To allow all users to access PMP via ADFS select
Permit all users to access this relying party. If you would like to lock down access to a specific group select
Deny all users access to this relying party. Click next through the following windows to complete the wizard. The edit claims rules window should automatically open once the wizard is completed.
9. Under the
Issuance Transform Rules tab click
Add rule. Select the rule template
Send LDAP Attributes as Claims and click next.
10. Enter a name for the claim rule such as
PMP attributes and select
Active Directory as the attribute store. Create the attribute mappings shown in the figure below and click finish.
11. Back to the
Edit claims rules
to add a second rule.
12. In the “Add Transform Claim Rule wizard” choose
Transform an Incoming Claim
as the claim rule template and click next.
13. In the Claim rule name field enter
. Match the settings in the rest of the form to the ones shown in the figure below and click finish.
14. You should now have two claims rules listed in the claims rules editor (see figure below). If would like to control SSO access to PMP to a specific group configure
Issuance Authorization Rules