
How to set up SAML SSO settings using ADFS?

By Neda Ali
October 16, 2023

This guide provides a clear and concise step-by-step approach to help users navigate the ADFS (Active Directory Federation Services) platform.

 

I. Create an enterprise application in ADFS 

  1. Log in to the ADFS Management window

  2. From the side menu bar, select ‘Relying Party Tasks’

  3. After opening the ADFS Management window, click on ‘Add Relying Party Task Wizard’

  4. Select ‘Claims aware’ in the Relying Party Wizard >> Click on the ‘Start’ button

 

II. Select data source 

  1. In the Select Data Source window, choose ‘Enter the data about the Relying Party Manually’

  2. Click ‘Next’ to continue

  3. In the Specify Display Name window >> Display Name >> Give the application name

  4. Click ‘Next’ to continue

  5. Skip the ‘Configure URL’ section (window)

  6. Click ‘Next’ to continue

III. Configure URL 

  1. In the Configure URL window, choose ‘Enable Support for the SAML 2.0 Web SSO Protocol’

  2. Navigate back to the Beagle SSO settings page, copy the Server URL, and paste it against ‘Relying Party SAML 2.0 SSO Service URL’

  3. Navigate back to the Beagle Security page

 

IV. Beagle SSO settings 

  1. From the Beagle SSO settings page, choose ADFS >> Start Integration

  2. Copy the ‘Reply URL’ from here and paste it against the ‘Reply URL’ in ADFS

  3. Click ‘Next’ to continue

 

V. Configure identifier 

  1. Copy the ‘SSO Service URL’ and paste it against ‘SSO Service URL’ in ADFS

  2. Copy the Relying Party Trust Identifier and paste it against ‘Relying Party Trust Identifier’

  3. Click ‘Next’ to continue

 

VI. Choose access control policy 

  1. In ‘Choose Issuance Authorization Rules’ >> Click on ‘Permit Everyone’

  2. Click ‘Next’ to continue

  3. Skip the ‘Reply URL’ section

  4. Click ‘Next’ to continue

  5. An application with the ‘given name’ is created

  6. Click the ‘application’ and edit the claim issuer

 

VII. Edit SAML attribute claim rules for your ADFS App 

  1. In the Edit Claim Rules window for the given application name, click on ‘Add Rule’ under the ‘Issuance Rules’ tab

  2. The ‘Add Transform Claim Rule Wizard’ window opens

  3. Select ‘Send LDAP Attributes as Claims’ as the ‘Claim Rules’

  4. Click ‘Next’ to continue

  5. Enter the Claim Rule name as ‘Email’

  6. Set ‘Attribute Store’ to ‘Active Directory’

  7. Select LDAP Attribute as ‘Email’ and Outgoing Claim Type as ‘Email’

  8. Click on ‘Finish’ to finish the first claim

  9. Similarly, add the subsequent claims (make sure you select the accurate options, because the integration may not work if the variants chosen do not match)

  10. Select ‘Pass through all claim values’ and click ‘Finish’

 

VIII. Federation meta URL 

  1. Navigate back to the Beagle Security SSO settings page

  2. Click on ‘Add Identity Provider’

  3. Get the ADFS Federation Metadata by using this URL: https://<ADFS_Server_Name>/federationmetadata/2007-06/federationmetadata.xml

(Note: Update your ADFS server name and paste the Federation Metadata URL from the Beagle Security page)

  4. Paste the created URL in Beagle

  5. Click on ‘TURN ON’ to activate the integration
