Enabling Federation Services for Your Firm

After a successful pilot test of Federation Services by your default administrator, you can enable Federation Services for your firm.

Important: Wolters Kluwer may need to make changes to your account to ensure continued access to CCH Axcess after you implement Federation Services. Before beginning Federation Services setup, we recommend reviewing the knowledge base article Planning for Changes to CCH Axcess Login Mode, and then contacting Wolters Kluwer so we can make the necessary changes.

To enable Federation Services for your firm, do the following:

  1. Open Dashboard, click Application Links on the navigation panel, and then click Settings and defaults under Firm.
  2. Click Login Setup on the navigation panel.
  3. Select Federation Services as the login mode.
  4. Review the Federation Services configuration.

    Note: If you need to edit your Federation Services configuration, you must click Enable Pilot mode to test your changes to your firm's Federation login settings on the Login Setup window.

  5. Component Description
    Identity Provider certificate: Enter the path or browse to locate the Federation Services token signing certificate. This must be an X.509 public key certificate with a .cer file extension, in DER encoded binary format.
    Secondary certificate: Enter the path or browse to locate the secondary token signing certificate. If the primary certificate expires, the secondary certificate is used automatically.
    View Certificate details: Select to view details of the primary or secondary certificate, including validity dates.
    Issuer: Enter the issuer of the authentication token that is sent from the Federation Server. The issuer is used to authenticate users during the login process. Retrieve this value from the AD FS Management > Federation Service Properties > Federation Service identifier field.
    Identity Provider service URL: If your firm has previously set up the Active federation type, the IdP service URL displays here. The Active type is only available to firms that have previously implemented that type.
    Entity ID: Enter the unique ID that Federation Services will use to identify that the caller is CCH Axcess. The entity ID is unique in your firm’s Federation Services server. If you edit the Federation Services settings, you must enter a new unique entity ID.
    Claim type: Select from User ID, staff system email address, or, if your firm uses AD to manage staff, AD User SID.

      If you select AD User SID and your firm is not currently configured for AD, the AD wizard opens, allowing you to configure the AD integration in addition to the AD FS settings.

      Note: If a staff member must update the information that is being used for the claim type, it can only be edited by a CCH Axcess user with functional rights to edit security groups for all organizational units of the firm.

    Federation Type: All new implementations of Federation Services should use the Passive type. The Active type is only available for firms that have previously set up Federation Services.

      • Passive federation uses SAML 2.0 WebSSO protocols for claim-based authentication.
      • Active federation supports WS-Federation protocols (SAML 1.0 and 1.1) for claim-based authentication. Select this option only if you need to change something while remaining on Active Federation.

    Identity Provider service URL: If your firm previously set up Active federation, the Identity Provider service URL displays here. The Active type is only available to firms that have previously implemented that mode.
    SAML Single Sign On service URL and SAML version: For Passive federation, enter the SAML SSO service URL and select the SAML version.
  6. Do one of the following:
    • Manage staff with Active Directory.
      1. Select Manage staff using your firm's Active Directory to synchronize staff between your firm's Active Directory and CCH Axcess.
      2. Note: Service User accounts must clear this option. The Staff Import Utility can be used to import new users or they can be added manually in Staff Manager.

      3. Click Next.
      4. Provide the domain and credentials to connect to the location for the Active Directory users.
    • Manage staff in CCH Axcess. Clear Manage staff using your firm's Active Directory. The Staff Import utility can be used to import new users or they can be added manually in Staff Manager.
  7. Click Finish to enable Federation Services for your firm.
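
The Identity Provider certificate field in step 5 expects a DER encoded .cer file, and the validity dates decide when the secondary certificate takes over. The following Python code is an added example, not part of the Wolters Kluwer documentation or CCH Axcess: it reports whether a certificate file's bytes are DER or Base-64 and reads the notBefore and notAfter dates. The function names and the skeleton certificate are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    """Decode UTCTime (tag 0x17) or GeneralizedTime (0x18) to an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:  # two-digit year, RFC 5280 pivot: 50-99 -> 19xx, 00-49 -> 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def check_signing_cert(data, now=None):
    """Return (encoding, not_before, not_after, valid_now) for the bytes of a .cer file."""
    now = now or datetime.now(timezone.utc)
    encoding = "DER"
    if data.lstrip().startswith(b"-----BEGIN"):  # Base-64 export, not DER binary
        encoding = "PEM"
        data = base64.b64decode(b"".join(
            line for line in data.splitlines() if b"-----" not in line))
    if data[:1] != b"\x30":
        raise ValueError("not an X.509 certificate: no outer DER SEQUENCE")
    _, pos, _ = _tlv(data, 0)            # Certificate
    _, pos, _ = _tlv(data, pos)          # tbsCertificate
    tag, _, end = _tlv(data, pos)        # [0] version, or serialNumber in a v1 certificate
    if tag == 0xA0:
        _, _, end = _tlv(data, end)      # serialNumber
    for _i in range(3):                  # signature algorithm, issuer, validity
        _, start, end = _tlv(data, end)
    t1, s1, e1 = _tlv(data, start)       # notBefore
    t2, s2, e2 = _tlv(data, e1)          # notAfter
    not_before, not_after = _time(t1, data[s1:e1]), _time(t2, data[s2:e2])
    return encoding, not_before, not_after, not_before <= now <= not_after

def constructed_sample():
    """Skeleton certificate built for this example (unsigned, not a real firm's cert)."""
    enc = lambda tag, val: bytes([tag, len(val)]) + val  # short-form lengths only
    validity = enc(0x30, enc(0x17, b"240101000000Z") + enc(0x17, b"260101000000Z"))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01")
              + enc(0x30, b"") + enc(0x30, b"") + validity)
    return enc(0x30, tbs)
```

Pass the function the raw contents of the primary and the secondary .cer file in turn. A result of "PEM" means the file was exported as Base-64 and should be re-exported as DER encoded binary before it is selected in Login Setup.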