Configuring the Application Group in the ADFS web interface


  1. Log on to the ADFS server and open the ADFS Windows application.

    Note

    The ADFS system is a native Windows GUI program.

  2. Within the ADFS application, select the Application Groups tab on the left panel and click Add Application Group on the right panel. The ADFS Add Application Group wizard starts.
  3. On the first page of the wizard, provide a name for the group (such as BMC Defender Server) and select Server Application accessing a web API as the Client-Server application template. Click Next.
  4. In the next window, save the Client identifier value. Copy the value to a text editor for use later in this procedure. Provide a redirect URL pointing to the BMC Defender Server installation top-level URL, such as:
    https://server[:port]

    Note

    The server value should be the Common Name (CN) used in the certificate running at the BMC Defender Server. For more information on certificates, see Security-certificates.

    The https: prefix (not http:) is required. Ensure that the hostname, port number, and https:// prefix are entered exactly; an incorrect value in any of them is a configuration error.

  5. Click Next.
  6. In the next window, click Generate a shared secret to display the Client Secret value. Copy the value to a text editor for use later in this procedure. 
  7. Click Next.
  8. In the next window, enter an identifier pointing to the BMC Defender Server installation top-level URL. Use the same URL value as in step 4.
  9. Click Next.
  10. In the next window, enter an access policy of Permit everyone. 
  11. Click Next.
  12. In the next window, use the default scope of openid. Do not check any other items. 
  13. Click Next and then close the wizard.

When the wizard is completed, you can see the BMC Defender Server Application Group. Drill down into the BMC Defender Server group to make further adjustments. 

Notes

  • BMC Defender does not use the web API entry, so you can delete it. You can view the Client identifier obtained in step 4, but you cannot access the Client secret key (obtained in step 6).
  • Make sure that you have the Client identifier (obtained in step 4) and the Client secret key (obtained in step 6). If you have not obtained these values, drill down into the BMC Defender Server application to view these values, or remove and re-add the application group by repeating this procedure.
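
The following read-only check is an added example, not part of the BMC procedure. It uses the ADFS PowerShell module on the ADFS server to confirm that the redirect URL and scope of the new group match steps 4, 8 and 12. The `$ExpectedUrl` value and the `Test-RedirectUrl` helper are assumptions made for illustration; replace the placeholder URL with your own.

```powershell
# Added example: read-only check of the application group created by the wizard.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$GroupName   = 'BMC Defender Server'                # name entered in step 3
$ExpectedUrl = 'https://defender.example.com:8443'  # placeholder for the URL from steps 4 and 8;
                                                    # its host must equal the certificate CN

# Hypothetical helper: emits one message per deviation from the expected URL.
function Test-RedirectUrl {
    param([string]$Url, [string]$Expected)
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return "not an absolute URL"
    }
    $exp = [Uri]$Expected
    if ($uri.Scheme -ne 'https')   { "scheme is '$($uri.Scheme)'; https is required" }
    if ($uri.Host -ne $exp.Host)   { "host '$($uri.Host)' is not '$($exp.Host)'" }
    if ($uri.Port -ne $exp.Port)   { "port $($uri.Port) is not $($exp.Port)" }
    if ($uri.AbsolutePath -ne '/') { "path '$($uri.AbsolutePath)' is not the top-level URL" }
}

$group = Get-AdfsApplicationGroup -Name $GroupName
if (-not $group) { throw "Application group '$GroupName' not found" }

$findings = @()
foreach ($app in Get-AdfsServerApplication -ApplicationGroupIdentifier $group.ApplicationGroupIdentifier) {
    # The Client identifier can be read back; the Client secret cannot.
    "Client identifier: $($app.Identifier)"
    foreach ($redirect in $app.RedirectUri) {
        foreach ($p in @(Test-RedirectUrl -Url $redirect -Expected $ExpectedUrl)) {
            $findings += "Redirect URL ${redirect}: $p"
        }
    }
    # Step 12 grants only the openid scope; anything else is reported.
    foreach ($perm in Get-AdfsApplicationPermission -ClientRoleIdentifier $app.Identifier) {
        $extra = @($perm.ScopeNames | Where-Object { $_ -ne 'openid' })
        if ($extra) { $findings += "Extra scopes granted: $($extra -join ', ')" }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Redirect URL and scopes match the procedure.' }
```

If the web API entry has been deleted as described in the notes, no permission entries are returned and only the redirect URL is checked.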

 
