To Enable AD FS Integration with MYOB Acumatica

After you have configured the Microsoft Active Directory Federation Services (AD FS) server, you should enable AD FS integration with your MYOB Acumatica instance, as described in this topic. For a description of all steps required for AD FS server configuration, see Integration with AD FS.

Attention: This functionality is available only if the Active Directory and Other External SSO feature is enabled on the Enable/Disable Features form.

To Enable AD FS Integration with MYOB Acumatica

  1. Open the web.config file, which is located in the folder that contains the application instance website.
    Important: When you save changes to the web.config file, the website is automatically restarted. Make sure that all users are warned about the restart so that they can save their documents in advance.
  2. In the file, find the externalAuth section within the px.core section and set the claimsAuth attribute to True.
  3. In the audienceUris element within the system.identityModel section, specify the URL of the MYOB Acumatica instance similarly to the example shown below.
    <audienceUris>
    <add value="Full_Instance_URL" />
</audienceUris>

    In the code shown above, Full_Instance_URL is the full URL of your MYOB Acumatica instance—for example, http://app.site.net/instance_name/.

  4. In the federationConfiguration element within the system.identityModel.services section, edit the wsFederation element similarly to the example shown below.
    <wsFederation
    passiveRedirectEnabled="false" 
    issuer="https://adfs.site.com/adfs/ls/idpinitiatedsignon.aspx" 
    realm="Full_Instance_URL"
    requireHttps="false"
    PersistentCookiesOnPassiveRedirects="false" />

    In the code shown above:

    • https://adfs.site.com/adfs/ls/idpinitiatedsignon.aspx is the URL of the sign-in page of your AD FS server.
    • Full_Instance_URL is the full URL of the MYOB Acumatica instance—for example, http://app.site.net/instance_name.
      Tip: Automatic redirect to the AD FS sign-in page may not work if there is a slash at the end of the URL: http://app.site.net/instance_name/. To avoid this situation, you can specify the URL without this slash.
  5. Save the web.config file. The website restarts automatically.

After you have enabled AD FS integration for your MYOB Acumatica instance, you need to map AD FS claims to MYOB Acumatica roles, as described in To Map AD FS Claims to Roles in MYOB Acumatica.