Add Relying Party Trust

  1. In Server Manager, click Tools, and then select AD FS Management.

...

4. Choose "Import data about the relying party from a file". Use the file at https://www.dropbox.com/s/0ft3kku6hpsh21kgtnoz6bg0mwjixf/metadata.xml?dl=0 (please download). Click Next.


5.  Add "EdSmart_RelyingParty" as the display name. 

6. Give permissions to the group. Click Next/Finish.

    Here the group will be any group that needs to use SSO. Make sure that all users who will use SSO are members of this group.

7. Finish. You can see the relying party added.
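Before importing a metadata file fetched from a file-sharing link (step 4), it is worth reading what AD FS is about to trust. The script below is an added example, not part of the original guide or EdSmart's tooling: it lists the entity ID, the assertion consumer endpoints (flagging any that are not HTTPS) and a SHA-256 fingerprint of each embedded certificate so the values can be confirmed with the vendor. The function name and the embedded sample metadata are constructed for illustration.

```python
import base64
import hashlib
import sys
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample; the entity ID, endpoints and key bytes are placeholders.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:AssertionConsumerService index="1" Location="http://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def review_metadata(data: bytes) -> dict:
    """Summarise what AD FS would trust if this metadata were imported."""
    # Metadata has no need for a DTD; refuse it rather than parse entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD or entity declaration found; refusing to parse")
    root = ET.fromstring(data)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    acs = [e.get("Location", "") for e in
           root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    certs = []
    for kd in root.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
        for c in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            certs.append((kd.get("use", "any"), hashlib.sha256(der).hexdigest()))
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        # Assertions carry user attributes, so a non-HTTPS endpoint is a finding.
        "insecure_acs": [u for u in acs if not u.lower().startswith("https://")],
        "certs": certs,
    }

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in review_metadata(raw).items():
        print(f"{key}: {value}")
```

Run it with the path of the downloaded metadata.xml as the only argument; without an argument it reviews the constructed sample.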


Add Rules

  1. In Server Manager, click Tools, and then select AD FS Management.
  2. Click on Edit claim issuance policy...


3. In the opened window, click Add.

...

     Now we need to replace the highlighted URL with simply "role" (see next screenshot).


12. "URL" replaced with "role". Click finish.



13. You can remove the previously created MembershipRule.

...

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("UserID", "mail", "givenName", "sn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail,mail,givenName,sn,mail;{0}", param = c.Value);




16. Finally, provide EdSmart with a test username and password that we can use to verify and troubleshoot the SSO integration. Also share your metadata with us and we'll configure it on our side.



...