Instructions for AD FS 2.x Integration with PurelyHR
AD FS 2.x is one of the options available for enabling Single Sign-On (SSO) with PurelyHR.
Step 1: Open AD FS Management Console
- Launch the AD FS Management console.
Step 2: Add a New Relying Party Trust
- Navigate to Trust Relationships → Relying Party Trusts.
- Click Add Relying Party Trust from the right-hand menu.
- Select Enter data about the relying party manually.
- Click Next.
Step 3: Configure Display Name
- Choose a Display Name for your SSO pages and add a description.
- Click Next.
Step 4: Choose Profile
- Select AD FS Profile.
- Click Next.
Step 5: Configure URL
- Click Next (do not select any additional options under Configure URL).
Step 6: Add Identifier
- Add the following as the Relying Party Trust Identifier:
https://purelyhr.com/
- Click Next.
Step 7: Access Control Policy
- Choose Permit all users to access this relying party.
(Other options are outside the scope of this document.)
- Click Next.
Step 8: Complete Wizard
- Click Next.
- Unselect Open the Edit Claim Rules dialog for this relying party trust when the wizard closes.
- Click Close.
Step 9: Configure Properties
- Select the properties of the Relying Party Trust you just created.
- Navigate to the Signature tab.
- Click Add and import the X.509 certificate you added to your PurelyHR SSO settings.
Step 10: Advanced Settings
- Go to the Advanced tab.
- Change the Secure hash algorithm to SHA-1.
- Click OK.
Step 11: Edit Claim Rules
- Click Edit Claim Rules.
- Under Issuance Transform Rules, click Add Rule.
- Select Send LDAP Attributes as Claims.
- Click Next. (The attributes sent typically include email, firstname, and lastname.)
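To confirm from PowerShell that the trust matches the steps above, the following read-only check can be run on the AD FS server. It is an added example, not part of the original instructions or PurelyHR's own tooling. It looks the trust up by the identifier from Step 6 and assumes the claim rule from Step 11 reads from the "Active Directory" attribute store.

```powershell
# Added example, not vendor code: read-only check of the trust built in Steps 2-11.
# AD FS 2.0 ships its cmdlets as a snap-in; on AD FS 2.1 the ADFS module auto-loads.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$identifier = 'https://purelyhr.com/'                       # Step 6
$sha1Uri    = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'  # Step 10 (SHA-1)

$rp = Get-ADFSRelyingPartyTrust -Identifier $identifier
if (-not $rp) { throw "No relying party trust with identifier $identifier" }

# Request-signing certificates imported on the Signature tab (Step 9).
$certs    = @($rp.RequestSigningCertificate | Where-Object { $_ })
$expired  = @($certs | Where-Object { $_.NotAfter -lt (Get-Date) })
$certInfo = @($certs | ForEach-Object {
    '{0} (expires {1:yyyy-MM-dd})' -f $_.Thumbprint, $_.NotAfter }) -join '; '

$checks = @(
    @{ Step = 2; Check = 'Trust exists and is enabled'
       Passed = [bool]$rp.Enabled
       Detail = $rp.Name },
    @{ Step = 7; Check = 'Authorization rules issue a permit claim'
       Passed = [bool]($rp.IssuanceAuthorizationRules -match 'authorization/claims/permit')
       Detail = 'Permit all users' },
    @{ Step = 9; Check = 'Signing certificate present and not expired'
       Passed = ($certs.Count -ge 1 -and $expired.Count -eq 0)
       Detail = $certInfo },
    @{ Step = 10; Check = 'Secure hash algorithm is SHA-1'
       Passed = ($rp.SignatureAlgorithm -eq $sha1Uri)
       Detail = $rp.SignatureAlgorithm },
    # Assumption: the Step 11 rule reads from the "Active Directory" attribute store.
    @{ Step = 11; Check = 'Transform rule sends LDAP attributes'
       Passed = [bool]($rp.IssuanceTransformRules -match 'store\s*=\s*"Active Directory"')
       Detail = 'Issuance Transform Rules' }
)

$report = $checks | ForEach-Object { New-Object PSObject -Property $_ }
$report | Sort-Object Step | Format-Table Step, Check, Passed, Detail -AutoSize

$failed = @($report | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} check(s) failed; review the steps listed above." -f $failed.Count)
}
```

Compare the thumbprint printed for Step 9 with the certificate configured in your PurelyHR SSO settings.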