Add Relying Party
- Open ADFS Manager.
- Expand Trust Relationships.
- Right click Relying Party Trusts and select Add Relying Party Trust…
- At the wizard screen, click Start.
- Select the third option - Enter data about the relying party manually - and click Next.
- Enter Firmex as the Display Name and click Next.
- Select ADFS profile and click Next.
- Click Next.
Select Enable support for the SAML 2.0 Web SSO protocol
Enter this URL: https://login.firmex.com/authenticate/saml
- As a Relying party trust identifier enter firmex.com, click Add and Next.
- Click Next three times, and then Close.
A new window will open.
Adding Issuance Transform Rules
- Under the Issuance Transform Rules tab, click Add Rule...
- Select Send LDAP Attributes as Claims and click Next.
- Enter a Claim rule name , select Active Directory as Attribute store, E-Mail Addresses as LDAP Attribute and NameID as Outgoing Claim Type. Click Finish.
Add Delegation Authorization Rules
- Under the Delegation Authorization Rules tab, click Add Rule...
- Select Transform an Incoming Call as Claim rule template. Then click Next.
- Enter a Claim rule name, select E-Mail Address as Incoming claim type and E-Mail Address as Outgoing claim type. Then click Finish.
- Click Apply then click OK.
Get the certificate value
Open ADFS Manager.
Expand Services, then click Certificates.
Right click Token-signing, then click View Certificate…
Click the Details tab, then click Copy to File…
Select Base-64 encoded X.509 (.Cer). Enter the location where you would like to save the certificate and click Next, then Finish. You will need the values between the first and the last line.
Get a user's email address
- Open Active Directory Users and Computers
- Expand Firmex and double click Users
- Right click the user and select Properties.
- Go to the Account tab. You will see users email address and email domain.
Configuring SSO on the Firmex side
Follow the steps described in this article.