How to configure Single Sign On with ADFS 3.0

Document created by Joseph Brown Employee on May 8, 2018

 From the ADFS Management Console, start the wizard for a new relying party trust:

 

 Just click start to move forward:

 

Make sure you enter the correct URL for your organization tenant and click next:

 

Enter a name and description for the relying party:

 

Skip the multi-factor authentication:

 

Permit all users to access this relying party:

 

Review the information and click next:

 

On the last screen, just click close and the Edit claim rules window will open:

 

Click the Add Rule button to add a new rule. When the wizard appears, select Send LDAP Attributes as Claims for the rule template and click next:

 

Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click finish.

 

 

Add a second rule but select the rule template Transform an Incoming Claim and click next:

 

Set a rule name and set the following parameters:

  • Incoming claim type: AD FS 1.x E-Mail Address

  • Outgoing claim type: Name ID

  • Outgoing name ID format: Email

  • Select Pass through all claim values

Click finish.

 

Confirm the changes by clicking the OK button:

 

ADFS configuration is done and you're ready to set up Samanage SSO!


Note: The two required fields in Samanage are:

  • Identity Provider URL - This is the full ADFS server URL with the SAML endpoint, which is typically https://server.com/adfs/ls

  • X 509 Certificate - This is the Token-Signing Certificate from ADFS, exported in Base 64-encoded X.509 (.CER) format
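The two claim rules and the certificate export can also be scripted and read back from PowerShell on the ADFS server. This is an added example, not part of the original document; the trust name 'Samanage', the use of the AD mail attribute for the first rule, and the output path are assumptions to adjust to what was entered in the wizard.

```powershell
# Added example (not from the original document).
# Assumptions: the trust was named 'Samanage' in the wizard, rule 1 maps the
# AD 'mail' attribute, and the certificate is written to the current directory.
Import-Module ADFS

$trustName = 'Samanage'                  # assumed display name
$cerPath   = '.\adfs-token-signing.cer'  # assumed output path

# Rule 1: Send LDAP Attributes as Claims (mail -> AD FS 1.x E-Mail Address)
# Rule 2: Transform an Incoming Claim (AD FS 1.x E-Mail Address -> Name ID, format Email)
$rules = @'
@RuleName = "LDAP mail to AD FS 1.x E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/EmailAddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/claims/EmailAddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Stop if the trust created in the wizard cannot be found under this name.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }

Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $rules

# Read the trust back to confirm the identifier, both transform rules and the
# authorization rule that resulted from "Permit all users".
Get-AdfsRelyingPartyTrust -Name $trustName |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules

# Export the primary token-signing certificate (public part only) as
# Base-64 encoded X.509 for the Samanage "X 509 Certificate" field.
$cert = (Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary }).Certificate
$der  = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64  = [Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $cerPath -Encoding Ascii -Value '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----'

# Record which certificate was handed to Samanage and when it expires.
"Thumbprint: $($cert.Thumbprint)  NotAfter: $($cert.NotAfter)"
```

The last line prints the thumbprint and expiry of the exported certificate; the copy stored in Samanage has to be replaced when ADFS rolls the token-signing certificate over.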
