Download our handy ADC checklist at the bottom of this page!

When supporting seamless SSO the ADC acts as a local, self-hosted, web app server.  This server must support https, therefore a valid SSL/TLS certificate is required, this is covered in detail later in this document.

This server must be able to connect to the My1Login cloud services (https://app.my1login.com) and must also be resolvable (on its custom port) by all users within the enterprise.

1.1  ADC Server Software

These following items need to be installed on the server that hosts the AD Connector:

1. Server Operating System, Windows Server 2012 or later
   

1. .NET Framework 4.8, or later
   

1.2  ADC Service User

The ADC is a windows service that runs as an AD user. It is recommended that a service user be created for the ADC.

If using ADSSPR, it is necessary that the service user has domain admin permissions.

1.3  ADC Server Networking Requirements

The ADC must be able to connect to your company’s sub-domain under my1login.com (e.g. https://mycompany.my1login.com) over port 443 and be able to connect to https://messaging.my1login.com and https://msg.my1login.com over the same port (443).

To support seamless SSO within the enterprise, your users’ browsers must be able to connect to the ADC’s self-hosted app server.  This app server runs on a custom port (default 47810) and it must be bound to a valid certificate whose subject matches the hostname of the server.

The ADC is proxy aware and works with most authenticating and non-authenticating proxies.  However, the configuration in your enterprise may be such that rules have to be added to allow direct connection to the my1login.com domain.

Some sites require that the my1login.com domain is added to the trusted sites zone in internet options.

1.4  Server Time

My1Login’s web service calls use an HMAC scheme to help protect against malicious use.  This scheme requires that the clocks on the client servers / PCs and the My1Login servers are no more than 5 minutes adrift. 

The ADC management UI shows this time difference.

1.5  Web Configuration Details

You will need the following information to hand to configure the web app for the ADC:

1. The hostname of the server the ADC will be installed on
2. The port that you wish the ADC app server to run against (47810 is our default value)
3. Domain controller hostname
4. Domain name
5. BaseDN of the domain
   
1. Normally just the domain name with “DC=” before each part
   
2. E.g. for domain dev.my1login the BaseDN is DC=dev,DC=my1login
   
6. The DN(s) of the roots of the tree(s) you wish to sync with My1Login.

1.6 Domain Controller Prerequisites

1. To create a valid, local certificate, the domain controller must be running AD Certificate Services (or you have an alternative way of creating valid domain certificates).
   

1.7  .Net Framework connectionManagement option

In .NET by default, supports only 2 TCP connections to the same IP address in parallel. This will affect the number of users who can login per second. The following is a link to Microsoft on more information around this setting.

https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/add-element-for-connectionmanagement-network-settings

Here is a suggested formula to figure out if you need to increase the number of connections required for users to login:

maxconnection = ((Estimated number of logins per second) x (10)) / (Number of ADC machines)

1.7.1 Changing the maxconnection setting value

The file where this option can be set is in the following file directory on your server:

“C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config”

You can add the following to change the max number of connections:

  <system.net> 

    <connectionManagement> 

      <add address="https://*.my1login.com" maxconnection="the number you require" />

    </connectionManagement> 

  </system.net>

Where “the number you require” equals the number from the maxconnection formula you used above.