
How do I set up SSO using Active Directory Federation Services?

Configuring SkyPrep with ADFS is a multi-step process:

 

  • First, we need to enable ADFS on our Windows Server.
  • Next, we need to use the ADFS Maintenance console.
  • Next, click on Add Relying Party Trust…
  • This should open the wizard.
  • Click the Start button.
  • Select Enter data about the relying party manually
  • Enter “https://[your_skyprep_domain]/saml/consume” as the display name
  • Select AD FS profile
  • Select Next on the Configure Certificate window.
  • Check Enable support for the SAML 2.0 WebSSO protocol and enter “https://[your_skyprep_domain]/saml/consume”. Then click Next.
  • Add “https://[your_skyprep_domain]/saml/consume” in the Relying party trust identifiers. Then click Next.
  • Select I do not want to configure multi-factor authentication settings for this relying party trust at this time and then click Next.
  • Select Permit all users to access this relying party.
  • In the Edit Claim Rules section, add the settings so they look like this:

 

 

You can add additional attributes to the SAML Claims.

These can be mapped as the following in the Outgoing Claim Type column:

User.EmailNotifications
User.FirstName
User.LastName
User.Company
User.Title
User.Address
User.Address2
User.State
User.Zip
User.Cell
User.Phone
User.WorkPhone
User.Ssn
User.DateOfBirth
User.UserIdentifier
User.Gender
User.Ca0
User.Ca1
User.Ca2
User.Ca3
User.Ca4
User.Ca5
User.Ca6
User.Ca7
User.Ca8
User.Ca9
User.Ca10

 

 

<?xml version="1.0" encoding="UTF-8" ?>
  • Next, go to the SAML configuration page at https://[your_skyprep_domain]/admin/program/saml and paste the metadata (with the xml tag above) into the “idP Metadata (XML)” field.
  • Optionally, enable Automatically Create / Add Users (JIT) and Automatically Add Users to Existing Groups.

    (Note: Please update these settings using Google Chrome, not Internet Explorer, as Internet Explorer may incorrectly present a security warning and may not be able to save the page.)

 

To test the integration, visit

https://[WINDOWS_SERVER]/adfs/ls/IdPInitiatedSignOn.aspx?loginToRp=https://[your_skyprep_domain]/saml/consume
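
The relying party trust steps above can also be scripted with the AD FS PowerShell cmdlets. The following is an added example, not SkyPrep's own code. It assumes AD FS on Windows Server 2012 R2 (the version whose wizard offers "AD FS profile"). The claim rule shown covers only three of the optional attributes, and its AD attribute mapping (givenName, sn, title) is an assumption. The required claim rules from the Edit Claim Rules step are not reproduced on this page and still have to be added.

```powershell
# Added example: scripted equivalent of the Add Relying Party Trust wizard steps.
# Run in an elevated PowerShell session on the AD FS server.

# Placeholder from the article; replace with your own SkyPrep domain.
$SkyPrepDomain = 'your_skyprep_domain'
$ConsumeUrl    = "https://$SkyPrepDomain/saml/consume"

# "Enable support for the SAML 2.0 WebSSO protocol": assertion consumer
# endpoint using the HTTP POST binding.
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' `
                                 -Protocol 'SAMLAssertionConsumer' `
                                 -Uri $ConsumeUrl

# "Permit all users to access this relying party."
$authRules = @'
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Optional attributes. The outgoing claim types are the names listed in the
# article; the AD attributes on the query line are assumed mappings.
# Release only the attributes SkyPrep needs: the list also contains sensitive
# fields such as User.Ssn and User.DateOfBirth.
$transformRules = @'
@RuleName = "Optional SkyPrep attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("User.FirstName", "User.LastName", "User.Title"),
          query = ";givenName,sn,title;{0}", param = c.Value);
'@

# Display name and identifier both use the consume URL, as in the wizard steps.
Add-AdfsRelyingPartyTrust -Name $ConsumeUrl `
                          -Identifier $ConsumeUrl `
                          -SamlEndpoint $endpoint `
                          -IssuanceAuthorizationRules $authRules `
                          -IssuanceTransformRules $transformRules

# Review what was created before testing the sign-on URL.
Get-AdfsRelyingPartyTrust -Name $ConsumeUrl |
    Select-Object Name, Identifier, Enabled, IssuanceTransformRules |
    Format-List
```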
