This article assumes you've already configured Single Sign-On integration with FMX using Active Directory Federation Services (AD FS). Click here if you haven't yet configured Single Sign-On integration.

This step is entirely optional, however, if you would like to provision users directly through AD FS rather than through FMX, please follow the instructions below.

On-Prem Active Directory Federation Services (AD FS)

Synchronize user type:

  1. Create an AD security group for each FMX user type. Use a naming convention that makes sense for your organization, such as:
    • "FMX User Type - FMX Administrator" for the "FMX Administrator" user type
    • "FMX User Type - Maintenance Tech" for the "Maintenance Tech" user type
  2. Create an AD FS transform rule for each AD security group using the "Send Group Membership as a Claim" template. Follow this example for each user type:
    • Transform rule name: "Set user type to FMX Administrator"
    • User's group: "FMX User Type - FMX Administrator"
    • Outgoing claim type: http://schemas. gofmx.com/ws/2015/05/identity/ claims/usertypeid
    • Outgoing claim value: Enter the numeric identifier used by FMX for this user type. The identifier is exposed in the federation metadata document at: https://yourcompany.gofmx.com/federationmetadata/2007-06/federationmetadata.xml.
  3. Assign users to the appropriate security group in AD. Note that a user can only be assigned to a single user type and multiple assignments will result in a server error when authenticating with FMX.

Synchronize building access:

  • Create an AD security group for each FMX building. Use a naming convention that makes sense for your organization, such as:
    • "FMX Building - Sample Building 1" for the "Sample Building 1" building
    • "FMX Building - Sample Building 2" for the "Sample Building 2" building
  • Create an AD FS transform rule using the "Send Claims Using a Custom Rule" template to clear a user's building access:
    • Transform rule name: "Clear building access"
    • Custom rule: "=> issue(Type = "http://schemas.gofmx.com/ws/ 2015/05/identity/claims/buildingaccess", Value = "{ AllBuildings: true, Access: 'Deny' }");"
  • Create an AD FS transform rule for each AD security group using the "Send Group Membership as a Claim" template. This will grant a user building access if they are a member of the AD security group. Follow this example for each building:
    • Transform rule name: "Grant building access for Sample Building 1"
    • User's group: "FMX Building - Sample Building 1"
    • Outgoing claim type: http://schemas.gofmx.com/ws/2015/05/identity/claims/buildingaccess
    • Outgoing claim value: "{ BuildingID: <value>, Access: 'Grant' }"
      • Replace "<value>" with the numeric identifier used by FMX for this building. The identifier is exposed in the federation metadata document at: https://yourcompany.gofmx.com/federationmetadata/2007-06/federationmetadata.xml.

Assign users to the appropriate security groups in AD. Note that a user can be assigned access to multiple buildings in FMX.

Synchronize transportation driver flag:

  1. Create a single AD security group for transportation drivers. Use a naming convention that makes sense for your organization, such as:
    • "FMX Transportation Driver"
  2. Create an AD FS transform rule using the "Send Claims Using a Custom Rule" template to clear a user's transportation driver flag:
    • Transform rule name: "Clear transportation driver flag"
    • Custom rule: " => issue(Type = "http://schemas.gofmx.com/ws/2015/05/identity/claims/candrive", Value = "");"
  3. Create an AD FS transform rule using the "Send Group Membership as a Claim" template to enable a user's transportation driver flag if they are a member of the AD security group:
    • Transform rule name: "Enable transportation driver flag"
    • User's group: "FMX Transportation Driver"
    • Outgoing claim type: http://schemas.gofmx.com/ws/2015/05/identity/claims/candrive
    • Outgoing claim value: "True"
  4. Assign appropriate users to this security group in AD.

Was this article helpful?

  • 0 out of 1 found this helpful