Implement SSO through ADFS

Step 1: Add a Relying Party Trust

Select the Relying Party Trusts folder from AD FS Management, and add a new Standard Relying Party Trust from the Actions sidebar. This will start the configuration wizard.

Screen Welcome

Click on Start.

Screen Select Data Source

Select the last option, Enter Data About the Party Manually, and click Next.

Screen Specify Display Name

Enter a Display name (e.g., Proxyclick login). You can enter some Notes if you like.

Click on Next.

Screen Choose Profile

Select the AD FS profile radio button and click on Next.

Screen Configure Certificate

Leave the certificate settings at their defaults and click on Next.

Screen Configure URL

Check the box Enable Support for the SAML 2.0 WebSSO protocol.

Go to the Proxyclick Marketplace and install Microsoft AD FS.

Copy the Relying party SAML 2.0 SSO service URL and paste it into the corresponding field in AD FS.

Click on Next.

Screen Configure Identifiers

Copy the First relying party trust identifier and the Second relying party trust identifier and paste them in the corresponding fields in ADFS.

Click on Next.

Screen Multifactor Authentication Now?

You may configure multifactor authentication, but this is beyond the scope of this guide.

Click on Next.

Screen Issuance Authorization Rules

Select the Permit for all users to access this relying party radio button and click Next.

Screen Ready to Add Trust

Review your settings and click on Next.

Screen Finish

Click on the Close button to exit the wizard and go to the Claim Rules editor.

Step 2: Creating claim rules

Create a first rule by clicking on Add Rule.

Screen Choose Rule Type

Select Send LDAP Attributes as Claims in the rule template list. Click on Next.

Screen Configure Claim Rule

Enter a Claim rule name (e.g., LDAP Email). Select Active Directory in the Attribute store list. Choose Email Addresses for the LDAP Attribute column and Email Address for the Outgoing Claim Type column.

Click on OK to create the new rule.

Create a second rule by clicking on Add rule.

Screen Choose Rule Type

Select Transform an Incoming Claim in the rule template list. Click on Next.

Screen Configure Claim Rule

Enter a Claim rule name (e.g., Email Transform). Select Email Address for the Incoming Claim Type. Select Name ID for the Outgoing Claim Type and select Unspecified (not Email) for the Outgoing name ID format (see green arrow). Leave Pass through all claim values selected.

Click OK to save the claim rule.

Step 3: Configuring SAML in Proxyclick

Go back to the AD FS configuration page in Proxyclick and complete the following information:

  • Issuer (“entityID” in the metadata file).

  • SAML 2.0 Endpoint URL (URL of your AD FS login page).

  • Certificate (“Token signing” certificate) (including BEGIN and END header and footer).

Optional: if you want AD FS to require signed requests, enable the SAML Requires Signature option; a button to download the Certificate then appears.

Click on Save.

Your AD FS connection is ready. You can now log into Proxyclick with AD FS SSO by opening the URL from the Second relying party trust identifier field (it should look like https://saml.proxyclick.com/init/CO-XXXX, where CO-XXXX is your company id), or by logging into AD FS as a user and choosing the Proxyclick app. Note that users must exist in Proxyclick before they can log in with SSO.

ADFS is currently available with our SSO add-on.