How do I set up ADFS for Employee Advocacy?
If you have self-hosted ADFS on a Windows server, configure it with Employee Advocacy by performing the following steps:
- Open AD FS Management Application, and then click Trust Relationships > Relying Party Trusts.
- Click Add Relying Party Trust from the right actions bar. The wizard appears.
- Click Start on the welcome screen.
- Select Enter data about the relying party manually.
- Click Next.
- Provide the following information for the Employee Advocacy SSO configuration:
  - Display Name: Employee Advocacy SSO
  - Configure Certificate: Leave this blank (the default) and click Next.
  - Configure URL:
    - Select Enable Support for the SAML 2.0 WebSSO protocol
  - Configure Identifiers:
    - Relying party trust identifier: https://id.sproutsocial.com/
  - Configure Multi-factor Authentication:
    - You can skip this page and leave it blank.
  - Choose Issuance Authorization Rules: select Permit all users to access this relying party
  - Finish: Select Open the Edit Claim Rules dialog
- Click Close.
Creating Claim Rules
If the claim rules editor doesn’t appear, right-click Employee Advocacy SSO in the Relying Party Trusts list and click Edit Claim Rules. Then click Add Rule and complete the following steps:
- Click the Send LDAP Attributes as Claims template in the Claim rule template list.
- Click Next.
- Create the claim rule with the following fields:
  - Enter a descriptive rule name
  - Attribute Store: Active Directory
  - LDAP Attribute: E-Mail-Addresses
  - Outgoing Claim Type: E-Mail Address
- Click Add Rule to create another new rule.
- Click the Transform an Incoming Claim template in the Claim rule template list.
- Create the claim rule with the following fields:
  - Enter a descriptive rule name
  - Incoming Claim Type: E-Mail Address
  - Outgoing Claim Type: Name ID
  - Outgoing Name ID Format: Email
  - Pass through all claim values
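
To confirm the result without clicking back through the wizard, the following PowerShell check reads the relying party trust and verifies the settings from the steps above. It is an added example, not part of the original article or Sprout Social's tooling; it assumes the AD FS PowerShell module on the AD FS server and the standard claim type URIs that the two rule templates emit.

```powershell
# Added verification example. Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Relying party trust identifier entered in the wizard above.
$identifier  = 'https://id.sproutsocial.com/'

# Assumption: standard URIs produced by the "Send LDAP Attributes as Claims"
# and "Transform an Incoming Claim" templates.
$emailClaim  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$nameIdClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$emailFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

$rp = Get-AdfsRelyingPartyTrust -Identifier $identifier
if (-not $rp) {
    throw "No relying party trust found with identifier $identifier"
}

# Both claim rules are stored as one text blob in the claim rule language.
$rules = [string]$rp.IssuanceTransformRules

$checks = [ordered]@{
    'Trust is enabled'                            = [bool]$rp.Enabled
    'SAML 2.0 endpoint is configured'             = (@($rp.SamlEndpoints).Count -gt 0)
    'Rule 1 reads from Active Directory'          = ($rules -match 'store\s*=\s*"Active Directory"')
    'Rule 1 issues the E-Mail Address claim'      = $rules.Contains($emailClaim)
    'Rule 2 issues the Name ID claim'             = $rules.Contains($nameIdClaim)
    'Rule 2 sets the Name ID format to Email'     = $rules.Contains($emailFormat)
}

$failed = 0
foreach ($check in $checks.GetEnumerator()) {
    if ($check.Value) { $status = 'OK' } else { $status = 'MISSING'; $failed++ }
    '{0,-45} {1}' -f $check.Key, $status
}

# Print the authorization rules so you can review who may sign in through this
# trust; the wizard step above selected "Permit all users".
"`nIssuance authorization rules:`n$($rp.IssuanceAuthorizationRules)"

if ($failed -gt 0) {
    Write-Warning "$failed check(s) did not match the configuration described above."
}
```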
