
Setup Guide: Microsoft AD FS SAML

Step 1: Configure a Relying Party Trust

Open the AD FS Management console.

Click "Relying Party Trusts" on the left sidebar.

Open the "AD FS Relying Party Trust Wizard" by clicking "Add Relying Party Trust..." on the right sidebar.

Select "Claims aware" and then "Start".

Download the SP Metadata file. Ten Thousand Coffees provides it through the setup link sent to you.

Select "Import data about the relying party from a file," browse to the SP Metadata file you downloaded, then click "Next".

Select "Permit everyone" and then "Next".

Step 2: Choose Access Policy

On the "Ready to Add Trust" page, click the "Endpoints" tab and confirm that the URL listed under "SAML Assertion Consumer Endpoints" is exactly the Assertion Consumer Service URL provided to you by Ten Thousand Coffees via the setup link (same host, same path, and HTTPS). If the URL matches, click "Next". If it does not, do not proceed: assertions would be posted to the wrong endpoint.

Select "Configure claims issuance policy for this application" and "Close".

Step 3: Configure Claims Issuance Policy

Click "Add Rule" in the "Edit Claims Issuance Policy" window.

Select "Send LDAP Attributes as Claims" and then "Next".

Enter "Attributes" as the "Claim rule name".

Select "Active Directory" as the "Attribute store".

Fill in the following attribute mappings (one row per LDAP attribute), then click "Finish":

LDAP Attribute          Outgoing Claim Type
E-Mail-Addresses        E-Mail Address
Given-Name              Given Name
Surname                 Surname
User-Principal-Name     UPN

Step 4: Upload Metadata URL

You'll need the Federation Metadata URL of your AD FS server. AD FS publishes its metadata at a standard URL by default, https://SERVER/federationmetadata/2007-06/federationmetadata.xml, where "SERVER" is your federation service FQDN. You can also find the URL in the AD FS Management console under "AD FS -> Service -> Endpoints", in the "Metadata" section. Confirm that this endpoint is enabled and, if your AD FS farm sits behind Web Application Proxy, that it is also enabled on the proxy, since Ten Thousand Coffees must be able to fetch the metadata from outside your network.

Enter the Metadata URL through the setup link provided to you by Ten Thousand Coffees to activate the connection.
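The same configuration as Steps 1 to 4, scripted with the ADFS PowerShell module so it can be reviewed and repeated on each farm. This is an added example and not a script from Ten Thousand Coffees or Microsoft. The metadata file path, the trust display name and the expected ACS URL are placeholders; replace them with the values from your setup link. The claim rule is the claim-rule-language form of the "Send LDAP Attributes as Claims" rule from Step 3.

```powershell
# Added example: relying party trust, claim rule and metadata checks for Steps 1 to 4.
# Assumptions (placeholders, not values from the guide): the SP metadata was saved to
# C:\Temp\sp-metadata.xml, the trust is named 'Ten Thousand Coffees', and $ExpectedAcs
# is the Assertion Consumer Service URL from your setup link.
Import-Module ADFS

$TrustName   = 'Ten Thousand Coffees'          # placeholder display name
$SpMetadata  = 'C:\Temp\sp-metadata.xml'       # SP Metadata file downloaded from the setup link
$ExpectedAcs = 'https://example.invalid/saml/acs'  # placeholder; use the URL from the setup link

# Step 3 in claim rule language: one "Send LDAP Attributes as Claims" rule named "Attributes"
# mapping mail, givenName, sn and userPrincipalName to E-Mail Address, Given Name, Surname, UPN.
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";mail,givenName,sn,userPrincipalName;{0}",
          param = c.Value);
'@

# Step 1: import the SP metadata and apply the built-in "Permit everyone" access control policy
# (Windows Server 2016 or later). On AD FS 2012 R2 replace -AccessControlPolicyName with
# -IssuanceAuthorizationRules '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataFile $SpMetadata `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $TransformRules

# Step 2: list the Assertion Consumer Service endpoints imported from the metadata and refuse
# to continue unless the expected HTTPS URL is among them.
$Trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$Acs   = $Trust.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' }
foreach ($e in $Acs) {
    '{0,-10} index={1} {2}' -f $e.Binding, $e.Index, $e.Location.AbsoluteUri
}
if (-not ($Acs.Location.AbsoluteUri -contains $ExpectedAcs)) {
    throw 'ACS endpoint does not match the URL from the setup link; do not activate the trust.'
}

# Step 4: derive the Federation Metadata URL from the federation service name, show whether the
# endpoint is enabled (and published on the proxy), then fetch it to prove it is served.
$Fqdn        = (Get-AdfsProperties).HostName
$MetadataUrl = "https://$Fqdn/federationmetadata/2007-06/federationmetadata.xml"
Get-AdfsEndpoint | Where-Object { $_.AddressPath -like '*federationmetadata.xml' } |
    Format-Table AddressPath, Enabled, Proxy -AutoSize

$Xml = [xml](Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
"Metadata URL to enter in the setup link: $MetadataUrl"
"entityID published by AD FS:            $($Xml.EntityDescriptor.entityID)"
```

Run this in an elevated PowerShell session on a node of the AD FS farm. The final Invoke-WebRequest only proves the metadata is served locally; Ten Thousand Coffees fetches it from the internet, so repeat the request from outside your network (or through your Web Application Proxy) before entering the URL in Step 4.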

Step 5: Test Single-Sign On

Ten Thousand Coffees will ask you to try signing in to test the connection.
