[Figure: iwsaas-art01-saml.png (network diagram showing Firewall A, Firewall B, the DMZ and the Intranet, referenced as "the graphic above" in the procedure)]

Procedure

  1. If you have not done so, download the Synchronization Agent from the TMWS management console and install it in your Intranet.
    The Synchronization Agent connects to your Active Directory to synchronize user and group data with TMWS.
    The data is transmitted over HTTPS on port 443, and this port is usually open on Firewall A by default, as depicted in the graphic above.
  2. On Firewall A, open port 443 (or your custom port if you chose another one) to allow any IP address to connect to your AD FS server.
  3. On Firewall B, open port 389, or port 636 if SSL is enabled in Active Directory (or your custom port if you chose another one), to allow the AD FS server to connect to Active Directory.
    Note
    Putting the AD FS server in the DMZ allows users to authenticate regardless of whether they are inside the corporate network (User A) or outside of it (User B). If you deploy the AD FS server in the Intranet instead, only User A, who is inside the corporate network, can authenticate and log on to TMWS.
    Source               | Destination             | Firewall Settings
    ---------------------|-------------------------|------------------------------------------------------
    Intranet             | TMWS services           | Port 443 on Firewall A (normally open)
    Internet             | AD FS server in DMZ     | Port 443 on Firewall A
    AD FS server in DMZ  | Active Directory server | Port 389 on Firewall B (or 636 when SSL is enabled)