Search

ADFS

Chi
Chi
  • Updated
This feature is not available on Free or Starter plans. Want this and other premium features? Update your plan here.

Set up

Configure a manual RPT with the following attributes (xxxxxxxxxxxxxxxxxx will be generated for your in the SSO setup page in your account) Display name: zeroheight RP trust identifier: zeroheight:xxxxxxxxxxxxxxxxxx Secure hash algorithm: SHA-1 If enabled, please provide the signing certificate: not currently enabled If enabled, please provide the encryption certificate: not currently enabled If WS-Fed is used, please provide the WS_Federation: not enabled If SAML is used, please provide the logon and optionally the logout endpoints with binding type: login = https://zeroheight.com/sso/acs/xxxxxxxxxxxxxxxxxx You'll need to set your ADFS to request a specific name ID format

Claims

1) In the Edit Claim Rules window, click on the Add Rule button under the Issuance Transform Rules tab. Red rectangle around Add Rule button 2) The Add Transform Claim Rule Wizard window opens where you need to select Send LDAP Attributes as Claims as the Claim rule template, and click Next. Red rectangles around the Claim rule template area and Next button 3) Enter a name for your Claim Rule, for example, “email,” then set Attribute store to Active Directory. 4) Now we need to enter LDAP attributes. We will enter the LDAP attribute E-Mail-Addresses twice and set their outgoing types to E-Mail Address and email. Similarly, we will enter the LDAP attribute Given-Name twice and set their outgoing types to Given Name and FirstName. LDAP attributes 5) Click OK when you are done adding the required LDAP attributes. 6) You need to add another Claim Rule. So, click on Add Rule on the Issuance Transform Rules tab, select Transform an Incoming Claim, and click on Next. Red rectangles around the Claim rule template area and Next button 7) Enter a Claim rule name, for example, Incoming-claim, set Incoming claim type to E-Mail Address, set Outgoing claim type to Name ID, and set Outgoing name ID format to Email. 8) Select Pass through all claim values and click Finish. Red rectangle around the Finish button 9) In the Edit Claim Rules window, click OK.

What we need from you

You will need to input into the SSO setup page:
  • Identity Provider Single Sign-On URL and X.509 Certificate 👉 Note: If you need the Target_logout URL to set up SSO, email support@zeroheight.com and we can add it.
OR
  • Identity Provider Metadata XML

Was this article helpful?