Microsoft AD FS SAML setup guide

Emily B

Step 1: Configure a Relying Party Trust

Open the AD FS Management console.

Click "Relying Party Trusts" on the left sidebar.

A screenshot showing where to find 'Relying Party Trust' in the AD FS Management Console.

Open the "AD FS Relying Party Trust Wizard" by clicking "Add Relying Party Trust..." on the right sidebar.

A screenshot showing where to add the AD FS Relying Party Trust.

Select "Claims aware" and then "Start".

A screenshot showing where to select claims in the AD FS Relying Party Trust Wizard.

Download the Metadata File.

This will be provided to you by Ten Thousand Coffees via a setup link.

Select "Import data about the relying party from a file," then select the SP Metadata file you downloaded, then click "Next".

A screenshot showing where to import the Metadata File.

Select "Permit everyone" and then "Next".

A screenshot showing where to configure access control permissions in the AD FS Relying Party Trust Wizard.

Step 2: Choose Access Policy

Click the "Endpoints" tab and confirm that the "SAML Assertion Consumer Endpoints" URL listed there matches the "SAML Assertion Consumer Endpoints" URL provided to you by Ten Thousand Coffees via the setup link. If the URLs match, click "Next".

A screenshot showing where to find the ACS URL in AD FS.

Select "Configure claims issuance policy for this application" and "Close".

A screenshot showing where to configure the AD FS claims.

Step 3: Configure Claims Issuance Policy

Click "Add Rule" in the "Edit Claims Issuance Policy" window.

A screenshot showing where to add a rule in the Edit Claims Issuance Policy window.

Select "Send LDAP Attributes as Claims" and then "Next".

A screenshot showing where to select a rule template in the Transform Claim Rule Wizard.

Enter "Attributes" as the "Claim rule name:".

Select "Active Directory" as the "Attribute store".

Fill in the following attribute mappings:

LDAP Attribute          Outgoing Claim Type
E-Mail-Addresses        E-Mail Address
Given-Name              Given Name
Surname                 Surname
User-Principal-Name     UPN

A screenshot showing where to map attributes in the Transform Claim Rule Wizard.

Step 4: Upload Metadata URL

You'll need to obtain the Metadata URL from your AD FS server. By default, AD FS publishes its federation metadata at a standard URL: https://SERVER/federationmetadata/2007-06/federationmetadata.xml, where "SERVER" is the FQDN of your federation service. You can also find the Federation Metadata URL in the AD FS Management console under "AD FS -> Service -> Endpoints", in the Metadata section.

A screenshot showing where to find the AD FS Metadata URL.

Upload the Metadata URL to activate the connection.

You will upload the Metadata URL through the setup link provided to you by Ten Thousand Coffees.
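For administrators who prefer scripting the configuration, the following is an added example (not part of the Ten Thousand Coffees guide) that performs the same work as Steps 1 to 4 with the AD FS PowerShell module: it imports the SP metadata file, applies the "Permit everyone" policy, adds the "Attributes" claim rule with the four mappings from the table above, lists the imported ACS endpoint(s) for comparison, and prints this server's Federation Metadata URL. The trust name and metadata file path are placeholders, and -AccessControlPolicyName assumes AD FS on Windows Server 2016 or later.

```powershell
# Added example: scripted equivalent of the wizard steps above (assumed values are marked).
Import-Module ADFS

$TrustName    = 'Ten Thousand Coffees'      # display name for the trust (assumed)
$MetadataFile = 'C:\temp\sp-metadata.xml'   # SP metadata file from the setup link (placeholder path)

# Step 3: "Send LDAP Attributes as Claims" rule named "Attributes", read from the
# Active Directory store. LDAP names: mail, givenName, sn, userPrincipalName map to
# E-Mail Address, Given Name, Surname and UPN respectively.
$IssuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";mail,givenName,sn,userPrincipalName;{0}",
          param = c.Value);
'@

# Step 1: create the relying party trust from the SP metadata file and apply the
# built-in "Permit everyone" access control policy (AD FS 2016+).
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataFile $MetadataFile `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $IssuanceRules

# Step 2: show the SAML Assertion Consumer endpoint(s) that were imported so they can
# be checked against the URL supplied through the setup link before going live.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$trust.SamlEndpoints |
    Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' } |
    Select-Object Index, Binding, Location

# Step 4: the Federation Metadata URL published by this federation service.
$fqdn = (Get-AdfsProperties).HostName
"https://$fqdn/federationmetadata/2007-06/federationmetadata.xml"
```

Run it in an elevated PowerShell session on the AD FS server; the ACS listing is the value to compare in Step 2, and the printed URL is what you submit in Step 4.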

Step 5: Test Single-Sign On

Ten Thousand Coffees will ask you to try signing in to test the connection.
