Installation
- Launch ADFS Plugin Inline setup via executing file IDS.IDComplete.ADFSPluginInline-XXXX-x64.msi. Accept the license terms and choose Complete for the installation type.
- After installing the ADFS plugin, open the registry editor to the following path: [HKEY_LOCAL_MACHINE\SOFTWARE\IDGlobal]. Give "Full control" access rights to the registry folder IDComplete ADFS Plugin Inline for the service account that runs the ADFS service.
- Open a File Explorer window and navigate to %ALLUSERSPROFILE%. Give "Full control" access rights to the folder IDGlobal for the ADFS service account.
- Restart the Active Directory Federation Services service.
Configuring plugin settings
Plugin settings can be run from the IDComplete ADFS Plugin Inline Configurator %PROGRAMFILES%\IDGlobal\IDComplete ADFS Plugin Inline\IDS.IDComplete.ADFSPluginInlineConfigurator.exe.
Plugin settings are stored in the Registry folder [HKEY_LOCAL_MACHINE\SOFTWARE\IDGlobal\IDComplete ADFS Plugin Inline].
Connectivity Parameters
Ensure that you are using HTTPS for all URIs, since authID requires HTTPS connectivity. You should also replace localhost with the SaaS domain for the authID service: id.authid.ai.
| Parameter | Default Value | Description |
|---|---|---|
| BioWeb URI | Network address (URL) of the Bio Web Application. Use https://id.authid.ai | |
| Administration service URI | localhost | Network address (URL) of the IDComplete Backend Administration Service (REST interface) |
| Authorization service URI | localhost | Network address (URL) of the IDComplete Backend Authorization Service (REST interface) |
| Customer name | Administrative User Login or API key ExternalId | |
| Customer password | Administrative User Password or API key Value | |
| AllowBypassOfflineServices | False | Bypass second factor authentication if IDComplete services are offline |
| SecurityProtocols | True for all (SSL3, TLS, TLS11, & TLS12) | Supported channel security protocols |
After setting the CustomerPassword parameter, when the ADFS plugin is started, the specified parameter will be encrypted and written to the parameter CustomerEncryptedPassword and the CustomerPassword parameter will be deleted.
Inline Authentication Parameters
You should have a custom operation available to control behavior of the plugin. Check the available operations by using the GetCustomOperations API endpoint.
| Parameter | Default Value | Description |
|---|---|---|
| Custom operation name | Custom operation name to be invoked | |
| Account operation parameter name | Custom operation parameter name which is used for sending account name | |
| Operation or transaction timeout (sec) | 180 | |
| Delay before submit page (sec) | 5 | Delay between showing the Bio Web application result and sending it to the ADFS Plugin Inline. |
| Allow self enrollment biometry | False | The flag allows the creation of biometrics credentials in case of it absence. |
| Show final page | True | Flag determines whether or not to display a successful authentication page. |
Logging Parameters
| Parameter | Value | Description |
|---|---|---|
| Log file path | c:\ProgramData\IDGlobal\IDComplete ADFS Plugin Inline\Logs\IDS.IDComplete.ADFSPluginInline.log | ADFS plugin log file path |
| Log level | ERROR | Logging level (OFF, FATAL, ERROR, WARN, INFO, DEBUG, ALL) |
After changing any parameter of the plug-in and pressing the "OK" button, you should see a dialog prompting you to restart the ADFS service.
