Connect a SharePoint site
In a few steps you can connect your SharePoint 2013 site to The Identity Hub using WS-Federation.
Note
As of version 1.72, there is a new way to Connect a SharePoint 2019 site.
A. Create an App
- Create an App for your application. See Create an App for details.
- For WS-Federation Reply URL's: set the URI of your SharePoint site (e.g. https://SharePoint.contoso.com/), including the port number if it differs from the default 443.
- Type the realm for SharePoint to identify itself in Relying Party Realm.
- Supply a Token Signing Certificate
It is recommended that you acquire and use a specific certificate, only used for this purpose.
Note
Relying Party Certificate is not supported by SharePoint.
Note
As of version 1.72 it is necessary to create a scope 'tih_searchusers' and link and assign it automatically to this app.
B. Download the SharePoint solution file
- Navigate to the Apps list (https://www.theidentityhub.com/{tenant}/Admin/App) and select the application you are connecting.
- Open the SharePoint 2013 section by clicking on the arrow (you might need to scroll down to find the section).
- Click the link to download the wsp package.
C. Install the SharePoint solution
In this step we will install and configure The Identity Hub SharePoint solution file.
For more detailed steps on installing SharePoint Solutions see http://technet.microsoft.com/en-US/library/cc262995
- Open the SharePoint 2013 Management Shell.
- At the Windows PowerShell command prompt, type the following command:
Add-SPSolution -LiteralPath [path to The Identity Hub SharePoint solution package]
- Open Central Administration and navigate to Farm Management section, Manage farm solutions.
- Deploy the solution. Click the identity hub claim provider.wsp link and click OK on the next page.
- After the solution is deployed, navigate to Application Management, Manage Web Applications and select the Web Applications where you want to allow users to authenticate using The Identity Hub.
- Click "Authentication Providers" in the ribbon and click on the link with the correct zone.
- Scroll to the Trusted Identity Provider section and check The Identity Hub {tenant}.
- Click Save.
- Navigate to the Web Application. You should now be able to sign-in using The Identity Hub {tenant}.
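The following read-only check confirms what the steps above registered in the farm and reports the trust settings SharePoint will enforce. It is an added example, not part of The Identity Hub package; the 30-day expiry window is an assumption, and {tenant} must be replaced with your tenant name.

```powershell
# Added example: read-only checks of what the solution registered in the farm.
# Run in the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName   = 'The Identity Hub {tenant}'            # substitute your tenant
$solutionName = 'the identity hub claim provider.wsp'  # name used on this page
$warnDays     = 30                                     # assumption: expiry warning window

# 1. The package must be deployed, not only added to the solution store.
$solution = Get-SPSolution -Identity $solutionName -ErrorAction Stop
if (-not $solution.Deployed) {
    throw "Solution '$solutionName' is in the store but not deployed."
}

# 2. The trusted identity token issuer defines whose tokens SharePoint accepts.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction Stop
$cert   = $issuer.SigningCertificate

[pscustomobject]@{
    Issuer         = $issuer.Name
    Realm          = $issuer.DefaultProviderRealm
    SignInUrl      = $issuer.ProviderUri
    ClaimProvider  = $issuer.ClaimProviderName
    CertSubject    = $cert.Subject
    CertThumbprint = $cert.Thumbprint
    CertNotAfter   = $cert.NotAfter
} | Format-List

# 3. Flag settings that weaken or will soon break the trust.
if ($issuer.ProviderUri.Scheme -ne 'https') {
    Write-Warning "Sign-in URL is not HTTPS: $($issuer.ProviderUri)"
}
if ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
    Write-Warning "Token signing certificate expires on $($cert.NotAfter)."
}
```

Compare the reported realm and certificate thumbprint with the Relying Party Realm and Token Signing Certificate configured on the App in step A; a mismatch means SharePoint trusts a different signer or realm than the one you intended.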
D. Allow users to access SharePoint sites
In this step we will allow users who log in with The Identity Hub to access a SharePoint site.
- Open the SharePoint site you want to allow The Identity Hub users to access.
- Navigate to People and Groups.
- Go to the details of a group.
- Click New
- The People Picker will appear. Type in the name of The Identity Hub user or group you want to allow access for.
Troubleshooting
General Information
Information about The Identity Hub SharePoint Solution
- Solution Id: 69d456e96-9a98-4ce8-8297-3d4d5b10be35
- Solution Name: The Identity Hub Claim Provider
Information about The Identity Hub SharePoint Features
- The Identity Hub Claim Provider Feature Id: 267fea02-559f-42f1-ad09-0f91c4a8fd3d
- The Identity Hub Claim Provider Path: TheIdentityHubClaimProvider
- The Identity Hub Trusted Identity Token Issuer Feature Id: 1d60a4f4-7fa3-471c-8ba6-947b6154f571
- The Identity Hub Trusted Identity Token Issuer Path: TheIdentityHubTrustedIdentityTokenIssuer
Diagnostics
The Identity Hub SharePoint Solution has diagnostic logging for configuration and operational steps.
- Logging Category: The Identity Hub Trusted ClaimProvider
Steps to resolve install and uninstall issues
If something went wrong and the install/uninstall did not succeed, perform the following steps.
- Make sure the Authentication Provider is no longer used in any Web Application. If you get the message
Authentication Provider still in use
while performing the steps below, it means at least one Web Application still has The Identity Hub as Authentication Provider.
- Open the SharePoint 2013 Management Shell.
- At the Windows PowerShell command prompt, type the following command to disable the first feature:
Disable-SPFeature -Identity "TheIdentityHubClaimProvider" -Force
- At the Windows PowerShell command prompt, type the following command to disable the second feature:
Disable-SPFeature -Identity "TheIdentityHubTrustedIdentityTokenIssuer" -Force
- At the Windows PowerShell command prompt, type the following command to remove the Trusted Identity Token Issuer:
Remove-SPTrustedIdentityTokenIssuer -Identity "The Identity Hub {tenant}"
If you get the message that no such object exists, it means the disabling of the features was successful.
- At the Windows PowerShell command prompt, type the following command to remove the Claim Provider:
Remove-SPClaimProvider -Identity "TheIdentityHubTrustedClaimProvider"
If you get the message that no such object exists, it means the disabling of the features was successful.
- At the Windows PowerShell command prompt, type the following command to uninstall The Identity Hub SharePoint Solution:
Uninstall-SPSolution -Identity "the identity hub claim provider.wsp"
- At the Windows PowerShell command prompt, type the following command to remove The Identity Hub SharePoint Solution:
Remove-SPSolution -Identity "the identity hub claim provider.wsp"
- At the Windows PowerShell command prompt, type the following command to add The Identity Hub SharePoint Solution:
Add-SPSolution -LiteralPath [path to The Identity Hub SharePoint solution package]
- At the Windows PowerShell command prompt, type the following command to install The Identity Hub SharePoint Solution:
Install-SPSolution -Identity "the identity hub claim provider.wsp" -GACDeployment -Force
- At the Windows PowerShell command prompt, type the following command to enable the first feature:
Enable-SPFeature -Identity "TheIdentityHubClaimProvider"
If you get the message that the feature was already activated, it means the deployment of the Solution was successful.
- At the Windows PowerShell command prompt, type the following command to enable the second feature:
Enable-SPFeature -Identity "TheIdentityHubTrustedIdentityTokenIssuer"
If you get the message that the feature was already activated, it means the deployment of the Solution was successful.
- Follow the instructions under Install the SharePoint solution to configure your Web Application.
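For the first troubleshooting step, this added example (not part of The Identity Hub package) lists every Web Application zone that still has The Identity Hub selected as a trusted identity provider, which is the condition behind the "Authentication Provider still in use" message. It assumes the provider name matches the token issuer name used on this page, with {tenant} replaced by your tenant name.

```powershell
# Added example: find zones that still reference the trusted identity provider.
# Run in the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = 'The Identity Hub {tenant}'   # substitute your tenant

# Trusted identity providers only apply to claims-based Web Applications.
$claimsWebApps = Get-SPWebApplication | Where-Object { $_.UseClaimsAuthentication }

$inUse = foreach ($webApp in $claimsWebApps) {
    # IisSettings has one entry per zone the Web Application is extended to.
    foreach ($zone in $webApp.IisSettings.Keys) {
        Get-SPAuthenticationProvider -WebApplication $webApp -Zone $zone |
            # Only trusted providers carry LoginProviderName; others are skipped.
            Where-Object { $_.LoginProviderName -eq $issuerName } |
            ForEach-Object {
                [pscustomobject]@{ WebApplication = $webApp.Url; Zone = $zone }
            }
    }
}

if ($inUse) {
    $inUse | Format-Table -AutoSize
    Write-Warning 'Clear the Trusted Identity Provider check box for these zones before removing the token issuer.'
} else {
    Write-Output "No Web Application zone references '$issuerName'."
}
```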