Configuring ADFS SAML SSO for Active Directory (AD) and LDAP (Agent Portal) - Server 2016
Updated: 02/01/2022
Article #: 364
Note: Before configuring Cayzu's ADFS SAML SSO, your ADFS must already be installed and working as described in Microsoft's blog.
1. Open ADFS Management under Server Manager > Tools.
3. Choose "Enter data about the relying party manually" and click Next.
4. Enter a Display name and click Next.
5. Click Next twice to skip ahead to the next required screen, "Configure URL".
6. On the Configure URL screen, set the "Relying party SAML 2.0 SSO service URL" to: https://portal.cayzu.com/Account/SamlSsoLoginRespond
Note: The URL is case sensitive, so use exactly ..../SamlSsoLoginRespond
7. Add cayzu as a Relying party trust identifier.
8. Click Next on the following screens, then click Close.
9. Click "Edit claims issuance policy" and then click Add Rule.
10. Create the following rule based on the "Send LDAP Attributes as Claims" template, using the mappings below (LDAP attribute <--> outgoing claim type):
    E-Mail-Addresses <--> E-Mail-Addresses, or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    Given-Name <--> Given-Name, or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    Surname <--> Surname, or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    Telephone-Number <--> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/telephonenumber
11. Create the following rule based on the "Transform an Incoming Claim" template.
12. Click Service > Certificates and right-click the Token-Signing certificate to view it.
13. Click the Details tab in the Certificate dialog box, then click "Copy to File". In the Certificate Export Wizard, choose "Base-64 encoded X.509 (.CER)" and click Next.
14. Now log in to your Cayzu Agent portal with an administrative account and click Admin (left side menu) to open the Admin section.
15. Click Single Sign On (Agent) and fill in the required information:
    SAML Login URL: https://<your ADFS server host name>/adfs/ls
    Remote Logout URL: any URL you wish
    Certificate: the certificate you exported in the previous steps
16. You're now all set. To test it, go to https://portal.cayzu.com and click SSO Sign in, or provide your agents with a URL that includes parameters so they do not have to select the SSO type or their domain.
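The same trust can be built from the AD FS PowerShell module instead of the wizard, which makes the configuration reviewable and repeatable. The script below is an added example, not Cayzu's or Microsoft's own, and assumes it runs elevated on the AD FS 2016 server; because the page does not spell out what the step 11 "Transform an Incoming Claim" rule maps, the e-mail to Name ID mapping it contains is an assumption to verify against Cayzu's requirements, and the "Permit everyone" policy and the output path are likewise assumed.

```powershell
# Added example (not from the Cayzu article): create the Cayzu relying party
# trust (steps 3-11) and export the token-signing certificate (steps 12-13).
# Assumptions: elevated session on the AD FS 2016 server; step 11 mapping below
# (e-mail -> Name ID) is assumed, as the page does not state the target claim.
Import-Module ADFS

$acsUrl     = 'https://portal.cayzu.com/Account/SamlSsoLoginRespond'  # step 6, case sensitive
$identifier = 'cayzu'                                                 # step 7

# Step 10: the four LDAP attributes the page maps, in claim rule language.
# Step 11: assumed transform of the e-mail claim into the SAML Name ID.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Cayzu LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/telephonenumber"), query = ";mail,givenName,sn,telephoneNumber;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-mail to Name ID (assumed mapping for step 11)"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 6: the assertion consumer endpoint, HTTP-POST binding.
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl

# Steps 3-4, 7, 9-11 in one call. "Permit everyone" is assumed here; scoping
# the access control policy to the agent group is the least-privilege choice.
Add-AdfsRelyingPartyTrust -Name 'Cayzu Agent Portal' -Identifier $identifier `
    -SamlEndpoint $endpoint -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Steps 12-13: export the primary token-signing certificate as Base-64 X.509.
# Only the public certificate is exported; the private key stays on the server.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
$der = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks) +
       "`r`n-----END CERTIFICATE-----"
$outFile = "$env:USERPROFILE\Desktop\adfs-token-signing.cer"   # assumed output path
Set-Content -Path $outFile -Value $pem -Encoding ASCII

# Step 15: the SAML Login URL to enter in the Cayzu Admin section.
"SAML Login URL: https://$((Get-AdfsProperties).HostName)/adfs/ls"
"Certificate exported to: $outFile"
```

Re-run the export whenever the token-signing certificate rolls over, since Cayzu will reject assertions signed by a certificate it does not hold.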