This article goes over how to set up Single Sign-On (SSO) with AD FS.
This document is based on the Windows Server 2019 platform.
AD FS does not support SCIM.
Open “AD FS Management”
Click “Start”, search for “AD FS”, then select “AD FS Management”.
In the “AD FS Management” window, right-click “AD FS > Relying Party Trusts” and select “Add Relying Party Trust Wizard”.
On the “Add Relying Party Trust Wizard” popup:
Choose “Claims aware” then click “Start”.
Choose “Enter data about the relying party manually” then click “Next”.
Click “Next” until “Configure URL”.
Tick “Enable support for the SAML 2.0 WebSSO protocol”
Fill in “Relying party SAML 2.0 SSO service URL” with the “SP Assertion Consumer Service” value.
Fill in “Relying party trust identifier” with the “SP Entity ID” value, click “Add”, then click “Next”.
Choose an access control policy, then click “Next” until the wizard finishes.
In the “AD FS Management” window, select the relying party whose attributes need to be mapped.
Click “Edit Claim Issuance Policy…”.
In the “Edit Claim Issuance Policy for <Party_Name>” popup, click “Add Rule”.
On the “Add Transform Claim Rule Wizard” popup:
Select “Send LDAP Attributes as Claims” then click “Next”.
Fill in the “Claim rule name”.
Select the attribute store (default: “Active Directory”).
Map the attributes according to the table below, then click “Finish”.
Attribute mapping table (column “Outgoing Claim Type”): the table body did not survive on this page.
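The same relying party trust and claim rule can be created from PowerShell on the AD FS server instead of through the wizard. The following is an added example, not code from the original article; the SP Entity ID, Assertion Consumer Service URL, trust name and the LDAP-attribute-to-claim mapping are assumed placeholders, to be replaced with the values from your SP's SSO configuration and its mapping table.

```powershell
# Added example (not from the original article): create the relying party trust
# and the "Send LDAP Attributes as Claims" rule with the AD FS cmdlets.
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

$SpEntityId = 'https://sp.example.com/saml/metadata'   # "SP Entity ID" (placeholder)
$SpAcsUrl   = 'https://sp.example.com/saml/acs'        # "SP Assertion Consumer Service" (placeholder)
$TrustName  = 'Example SP'                              # display name of the trust (placeholder)

# SAML 2.0 WebSSO: the assertion consumer endpoint the SP exposes (HTTP-POST binding).
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $SpAcsUrl -Index 0

# Claim rule in the AD FS claim rule language. The mapping below
# (mail -> E-Mail Address, givenName -> Given Name, sn -> Surname) is an assumed
# example; use the mapping table your SP documents.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Attributes as Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# "Permit everyone" is a built-in access control policy; pick the one that
# matches the policy you would choose in the wizard.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Identifier $SpEntityId `
    -SamlEndpoint $acs `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $issuanceRules

# Verify what was created: identifier, endpoint and the rule text.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, SamlEndpoints, IssuanceTransformRules
```

Keeping the rule text in version control gives you a reviewable record of exactly which directory attributes leave the domain as claims, which the wizard's dialog does not.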
You can download the “Federation Metadata” file from <your-adfs-domain>/FederationMetadata/2007-06/FederationMetadata.xml.
Important note: after any AD FS configuration change, the Federation Metadata file changes. Update the metadata file in the SSO Config in Gamma, or use the public Federation Metadata URL, so that CF always uses the latest Federation Metadata file.
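Because the metadata changes after configuration or certificate changes, it helps to have a quick way to see what the current file contains and whether the SP's copy is stale. The following added example (not from the original article) downloads the federation metadata, reports the entity ID, the HTTP-POST SSO endpoint and the signing certificate thumbprints, and warns when the thumbprint configured at the SP no longer appears; the AD FS host name and the expected thumbprint are placeholders.

```powershell
# Added example (not from the original article): inspect the live federation
# metadata and compare its signing certificate with the one the SP was given.
$AdfsHost           = 'adfs.example.com'                          # placeholder
$ExpectedThumbprint = 'REPLACE_WITH_THUMBPRINT_CONFIGURED_AT_SP'  # placeholder
$MetadataUrl = "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml"

[xml]$md = (Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content

# SAML metadata and XML-DSig namespaces used by the file.
$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

$entity = $md.SelectSingleNode('/md:EntityDescriptor', $ns)
$idp    = $entity.SelectSingleNode('md:IDPSSODescriptor', $ns)

# Signing certificate(s) the SP must trust. A new one appears here after a
# certificate rollover, which is the most common reason an SP's stored copy
# of the metadata stops validating assertions.
$signingCerts = $idp.SelectNodes(
        'md:KeyDescriptor[@use="signing"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $ns) |
    ForEach-Object {
        $raw = [Convert]::FromBase64String($_.InnerText.Trim())
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
    }

$ssoPost = $idp.SelectSingleNode(
    'md:SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"]', $ns)

[pscustomobject]@{
    EntityId          = $entity.entityID
    SsoPostEndpoint   = $ssoPost.Location
    SigningThumbprint = ($signingCerts | ForEach-Object Thumbprint) -join ', '
    SigningNotAfter   = ($signingCerts | ForEach-Object NotAfter) -join ', '
} | Format-List

if ($signingCerts.Thumbprint -notcontains $ExpectedThumbprint) {
    Write-Warning "Signing certificate changed: re-upload the metadata to the SP or point it at $MetadataUrl."
}
```

Running this on a schedule, or after every AD FS change, catches the stale-metadata failure described in the note before users hit a broken login.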
Open the “Active Directory Users and Computers”
Click “Start”, type “Active Directory Users and Computers”, then select the “Active Directory Users and Computers” application.
Select the domain in the left pane.
Select “ADFS” under the domain.
Right-click “ADFS”.
Select “New” > “User” and enter the user information.
Type the password, then click “Next” > “Finish”.
Right click on the user and select “Properties” to set the user mail.
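The same test user can be created from PowerShell, which also lets you confirm that the mail attribute the claim rule reads is actually populated. This is an added example, not from the original article; the domain, the assumption that “ADFS” is an organizational unit directly under the domain, and the user values are placeholders.

```powershell
# Added example (not from the original article): create the SSO test user under
# the "ADFS" OU with the mail attribute set, then verify the attribute.
Import-Module ActiveDirectory

$Domain   = 'corp.example.com'                     # placeholder
$UserPath = 'OU=ADFS,DC=corp,DC=example,DC=com'    # assumes "ADFS" is an OU under the domain (placeholder)
$Sam      = 'sso.test'                             # placeholder account name
$Mail     = "$Sam@$Domain"

New-ADUser -Name 'SSO Test' -SamAccountName $Sam `
    -UserPrincipalName $Mail `
    -EmailAddress $Mail `
    -Path $UserPath `
    -AccountPassword (Read-Host -AsSecureString 'Password for the new user') `
    -Enabled $true

# The claim rule queries the "mail" attribute; an empty value here means the
# SP will receive no e-mail claim and the sign-on will fail at the SP side.
$user = Get-ADUser -Identity $Sam -Properties mail
$user | Select-Object SamAccountName, UserPrincipalName, mail
if ([string]::IsNullOrEmpty($user.mail)) {
    Write-Warning "mail attribute is empty for $Sam; set it before testing SSO."
}
```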