Am I able to use AD FS 2.X for single sign-on?
AD FS 2.X is one of the options we have for single sign-on.
Here's the process:
- Open AD FS management console.
- Navigate to Trust Relationships, Relying Party Trusts.
- Select Add Relying Party Trust from the menu on the right.
- Select Enter data about the relying party manually.
- Click Next and choose a Display Name to use on your SSO pages, along with a description.
- Click Next. Choose AD FS Profile.
- Click Next.
- Click Next. Do not choose any additional options under Configure URL.
- Click Next. Add https://purelyhr.com/ as the Relying party trust identifier.
- Click Next. Choose Permit all users to access this relying party (other options are outside the scope of this document).
- Click Next.
- Click Next. Unselect the option Open the Edit Claim Rules dialog for this relying party trust when the wizard closes.
- Click Close. Select the properties of the Relying Party Trust you just created. Navigate to the Signature tab.
- Click Add and import the X.509 certificate that you added to your PurelyHR SSO settings. Select the Advanced tab.
- Change the Secure hash algorithm to SHA-1 and click OK. Select Edit Claim Rules.
- Click Add Rule from Issuance Transform Rules (usually email, firstname, and lastname).
- Select Send LDAP Attributes as Claims.
- Click Next.
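
To confirm the trust ended up with the settings chosen in the steps above, it can be read back from PowerShell on the AD FS server. This is an added example, not part of the original instructions; the thumbprint is a placeholder you must fill in, and the script assumes the AD FS 2.x snap-in and the standard permit-all authorization rule that the wizard generates.

```powershell
# Added example: read back the relying party trust and compare it with the
# values chosen in the wizard. Run on the AD FS server as an AD FS administrator.

# AD FS 2.x ships its cmdlets as a snap-in.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$identifier         = 'https://purelyhr.com/'                  # from the steps above
$expectedThumbprint = '<THUMBPRINT-OF-YOUR-PURELYHR-CERT>'     # placeholder
$sha1Uri            = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

$rp = Get-ADFSRelyingPartyTrust -Identifier $identifier
if (-not $rp) {
    throw "No relying party trust found with identifier $identifier"
}

# Small helper so every check produces the same three columns.
function New-Check($name, $ok, $actual) {
    New-Object PSObject -Property @{ Check = $name; Pass = [bool]$ok; Actual = $actual }
}

# Thumbprints of the certificates imported on the Signature tab.
$thumbs = @($rp.RequestSigningCertificate | ForEach-Object { $_.Thumbprint })

# The wizard's "Permit all users" choice is stored as an authorization rule
# that issues the permit claim.
$permitAll = $rp.IssuanceAuthorizationRules -match 'authorization/claims/permit'

# Transform rules stay empty until the claim rule steps are finished.
$hasClaimRules = -not [string]::IsNullOrEmpty($rp.IssuanceTransformRules)

$results = @(
    New-Check 'Trust is enabled'                $rp.Enabled                              $rp.Enabled
    New-Check 'Identifier matches'              ($rp.Identifier -contains $identifier)   ($rp.Identifier -join ', ')
    New-Check 'Signature certificate imported'  ($thumbs -contains $expectedThumbprint)  ($thumbs -join ', ')
    New-Check 'Secure hash algorithm is SHA-1'  ($rp.SignatureAlgorithm -eq $sha1Uri)    $rp.SignatureAlgorithm
    New-Check 'Permit-all authorization rule'   $permitAll                               $permitAll
    New-Check 'Issuance transform rules exist'  $hasClaimRules                           $hasClaimRules
)

$results | Select-Object Check, Pass, Actual | Format-Table -AutoSize

# Non-zero exit code if anything differs, so the check can be scripted.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```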