Setting up SSO with ADFS

Administrators use the following steps when preparing to run SSO with ADFS.

  1. Open Server Manager and select Tools > ADFS Management.
  2. Select Service > Endpoints and confirm that /adfs/ls is present and is turned on.
  3. In the Certificates view, confirm certificates are present for the following:
    • Service communications
    • Token-decrypting
    • Token signing
  4. Go to Trust Relationships > Relying Party Trusts and select Add Relying Party Trust.
  5. Select Enter data about the relying party manually.
  6. For the Display name, specify Prophix SSO.
  7. You do not need a token encryption certificate.
  8. Select the SAML 2.0 WebSSO protocol.
  9. Specify the ACS URL from Prophix:

    https://<PROPHIX_INSTANCE_URL>/sso/Saml2/Acs

    where <PROPHIX_INSTANCE_URL> is the URL for your Prophix Cloud instance.

  10. For a Relying party trust identifier, add:

    https://<PROPHIX_INSTANCE_URL>/sso/Saml2

  11. Skip the Multi-Factor Authentication step.
  12. For Preferred authorization rule, select Permit all.
  13. After your Relying Party is set up, right-click the Relying Party and select Properties > Endpoints.
  14. Verify the following:
    • The endpoint binding is set to POST.
    • The endpoint for the Relying Party is the same as the trust identifier URL.
  15. To set up the Claim Transformation Rule:
    • Right-click the Relying Party Trust previously created and select Edit Claim Rules.
    • Select the Issuance Transform Rules tab.
    • Click Add Rule.
    • Verify that Send LDAP Attributes as Claims is selected.
  16. Configure the Claim Rules as follows:
    • Name: Prophix Claim Rules
    • Attribute store: Active Directory
    • In the LDAP mapping table, add the mapping E-Mail-Addresses to Name ID
  17. To get the ADFS Federation Metadata file:
    • In a browser, go to:

      https://<adfsservername>/FederationMetadata/2007-06/FederationMetadata.xml

    • Save the file.
  18. You are now ready to set up SSO.
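
The same configuration can be scripted and checked with the ADFS PowerShell module, which keeps the Relying Party Trust repeatable across servers. This is an added example, not Prophix's or Microsoft's own code: <PROPHIX_INSTANCE_URL> and <adfsservername> are the placeholders from the steps above, and the two rule-language blocks reproduce what the "Send LDAP Attributes as Claims" and "Permit all" wizard templates generate.

```powershell
# Added example: create and verify the "Prophix SSO" Relying Party Trust from steps 1-17.
# <PROPHIX_INSTANCE_URL> and <adfsservername> are placeholders from the procedure; replace them.
Import-Module ADFS

$instance = 'https://<PROPHIX_INSTANCE_URL>'
$acsUrl   = "$instance/sso/Saml2/Acs"   # step 9: Assertion Consumer Service URL
$trustId  = "$instance/sso/Saml2"       # step 10: relying party trust identifier

# Steps 2-3: /adfs/ls must be present and enabled, and all three certificate roles must exist.
$ls = Get-AdfsEndpoint | Where-Object { $_.AddressPath -eq '/adfs/ls' }
if (-not $ls -or -not $ls.Enabled) { throw 'The /adfs/ls endpoint is missing or disabled' }
foreach ($role in 'Service-Communications', 'Token-Decrypting', 'Token-Signing') {
    if (-not (Get-AdfsCertificate -CertificateType $role)) { throw "No $role certificate found" }
}

# Step 16: LDAP claim rule mapping the AD "mail" attribute (E-Mail-Addresses) to Name ID.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Prophix Claim Rules"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# Step 12: "Permit all" issuance authorization rule.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 4-10: SAML 2.0 WebSSO trust with a POST-bound ACS endpoint and no encryption certificate.
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0
Add-AdfsRelyingPartyTrust -Name 'Prophix SSO' -Identifier $trustId -SamlEndpoint $endpoint `
    -IssuanceTransformRules $transformRules -IssuanceAuthorizationRules $authzRules

# Step 14: every SAML endpoint on the trust must use POST and point at the URL from step 9.
$rp = Get-AdfsRelyingPartyTrust -Name 'Prophix SSO'
foreach ($ep in $rp.SamlEndpoints) {
    if ("$($ep.Binding)" -ne 'POST' -or "$($ep.Location)" -ne $acsUrl) {
        throw "Unexpected endpoint: $($ep.Location) ($($ep.Binding))"
    }
}

# Step 17: download the federation metadata that Prophix needs for its side of the setup.
Invoke-WebRequest -Uri 'https://<adfsservername>/FederationMetadata/2007-06/FederationMetadata.xml' `
    -OutFile "$PWD\FederationMetadata.xml"
```

Run it in an elevated PowerShell session on the ADFS server; each `throw` stops the script at the first check that does not match the procedure.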