How do I set up ADFS for Employee Advocacy?

If you have self-hosted ADFS on a Windows Server, configure it with Employee Advocacy by performing the following steps:

  1. Open the AD FS Management application, and then click Trust Relationships > Relying Party Trusts.

  2. Click Add Relying Party Trust from the right actions bar. The wizard appears. 

  3. Click Start on the welcome screen.

  4. Select Enter data about the relying party manually.
  5. Click Next.
  6. Provide the following information for the Employee Advocacy SSO configuration:

    • Display Name: Employee Advocacy SSO

    • Configure Certificate: <Leave this blank (the default) and click Next>

    • Configure URL:

    • Configure Identifiers:

    • Configure Multi-factor Authentication

      • You can skip this page and leave it blank.

    • Choose Issuance Authorization Rules: select Permit all users to access this relying party

    • Finish: Select Open the Edit Claim Rules dialog
  7. Click Close.

Creating Claim Rules

If the claim rules editor doesn’t appear, right-click Employee Advocacy SSO in the Relying Party Trusts list and click Edit Claim Rules. Click Add Rule, and then complete the following steps:

  1. Click the Send LDAP Attributes as Claims template in the Claim rule template list.
  2. Click Next.
  3. Create the claim rule with the following fields:
    • Enter a descriptive rule name
    • Attribute Store: Active Directory
    • LDAP Attribute: E-Mail-Addresses 
    • Outgoing Claim Type: E-Mail Address
  4. Click Add Rule to create another new rule.
  5. Click the Transform an Incoming Claim template in the Claim rule template list.
  6. Create the claim rule with the following fields:
    • Enter a descriptive rule name
    • Incoming Claim Type: E-Mail Address
    • Outgoing Claim Type: Name ID
    • Outgoing Name ID Format: Email
    • Pass through all claim values

Adjust the trust settings

  1. Double-click Employee Advocacy SSO in the Relying Party Trusts list.
  2. Ensure SHA-256 is specified as the secure hash algorithm in the Advanced tab.
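
To confirm the finished trust matches the settings above, the following PowerShell check can be run on the AD FS server. It is an added example, not part of the original article or the vendor's tooling. It assumes the AD FS PowerShell module is available in an elevated session and that the rules were created from the two templates named above, which emit the standard claim type URIs shown in the script.

```powershell
# Added example: audit the relying party trust against the settings in this article.
# Assumes an elevated PowerShell session on the AD FS server.
Import-Module ADFS

$name        = 'Employee Advocacy SSO'   # display name entered in the wizard
$sha256      = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
# Standard claim type URIs behind the "E-Mail Address" and "Name ID" labels
$emailClaim  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$nameIdClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$emailFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

$rp = Get-AdfsRelyingPartyTrust -Name $name
if (-not $rp) { throw "Relying party trust '$name' was not found." }

# All issuance transform (claim) rules, returned as one block of rule text
$rules = [string]$rp.IssuanceTransformRules

$hasIdentifier = [bool]($rp.Identifier | Where-Object { $_ })
$emailFromAd   = ($rules -match 'store\s*=\s*"Active Directory"') -and
                 $rules.Contains($emailClaim)

$checks = [ordered]@{
    'Trust is enabled'                             = [bool]$rp.Enabled
    'Secure hash algorithm is SHA-256'             = ($rp.SignatureAlgorithm -eq $sha256)
    'At least one identifier is configured'        = $hasIdentifier
    'E-Mail Address is read from Active Directory' = $emailFromAd
    'A rule issues the Name ID claim'              = $rules.Contains($nameIdClaim)
    'Name ID format is Email'                      = $rules.Contains($emailFormat)
}

# Print one OK/FAIL line per setting
foreach ($c in $checks.GetEnumerator()) {
    '{0,-5} {1}' -f $(if ($c.Value) { 'OK' } else { 'FAIL' }), $c.Key
}

$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) setting(s) differ from this article; review the trust in AD FS Management."
}
```

A FAIL on the hash algorithm line means the trust is still set to SHA-1 in the Advanced tab; a FAIL on either Name ID line means the Transform an Incoming Claim rule is missing or uses a different format.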
