Configuration Steps for ADFS:

Requirements:

  • An Active Directory instance where users have an email address attribute

  • A Brandfolder account that has been enabled for SSO

  • A metadata file from Brandfolder Support used for import 

  • An SSL certificate to sign your ADFS login page and the fingerprint of that certificate

  1. Add a Relying Party Trust

    1. Log in to the ADFS Server
    2. On the left-hand side of the table, right-click Relying Party Trust
    3. Select Add Relying Party Trust...
  2. Configure the Relying Party Trust Wizard

    1. Select Start
    2. On the Select Data Source Screen, select Import data about this relying party from a file
    3. Select Browse and select the Brandfolder metadata file that was supplied
    4. Once the data is imported, select Next to continue to Configure Multi-factor Authentication Now - leave the defaults and select Next
    5. On Choose Issuance Authorization Rules select Permit all users
    6. The following screen will show an overview of your settings - select Next
    7. On the closing screen select Close and open the Claim Rules Editor
  3. Creating Claim Rules

    1. The Claims Rule editor will open automatically - to create a new Rule, select Add Rule
    2. Select Send LDAP Attributes as Claims and select Next
    3. On the following screen, set the LDAP Attribute to E-Mail-Addresses and set Outgoing Claim Type to E-Mail Address
    4. Click OK to save the rule
    5. Create another new rule by selecting Add Rule - select Transform an Incoming Claim from the dropdown
    6. On the following screen, select the following:
      • E-mail Address as Incoming Claim Type
      • Outgoing Claim Type as Name ID
      • Outgoing Name ID Format as Email
      • Leave the default of Pass through all claim values
    7. Select OK to create the claim rule
  4. Setting up a Full Name Claim

    1. Brandfolder recommends sending the first and last name along with the email address of the user
    2. Create another new rule by selecting Add Rule
    3. Set one LDAP Attribute to Surname and one to Given-Name
    4. Set one Outgoing Claim Type to Surname and one to Given-Name
    5. Select OK to create this rule, then OK again to complete the rules
  5. Test the Configuration

    1. At this point, the configuration can be tested
    2. Please contact support@brandfolder.com to complete the configuration or for any other related questions
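
The wizard steps 1 through 4 above, written as a script so the trust and its claim rules can be reviewed and re-applied. This is an added example, not Brandfolder's own code; the trust name and metadata path are placeholders, and it assumes the AD FS PowerShell module on an AD FS server whose version uses Issuance Authorization Rules, as the wizard on this page does.

```powershell
# Added example: scripted equivalent of wizard steps 1-4. Run on the AD FS server.
# $rpName and $metadataPath are placeholders (assumptions), not values from Brandfolder.
Import-Module ADFS
$rpName       = 'Brandfolder'
$metadataPath = 'C:\temp\brandfolder-metadata.xml'

$claims = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'
$acct   = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'
$nameIdFormat = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format'

# Step 2.5: "Permit all users"
$authRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Steps 3 and 4: the three claim rules, in AD FS claim rule language
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Send E-Mail Address"
c:[Type == "$acct", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$claims/emailaddress"),
    query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "$claims/emailaddress"]
 => issue(Type = "$claims/nameidentifier", Issuer = c.Issuer,
    OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
    Properties["$nameIdFormat"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

@RuleTemplate = "LdapClaims"
@RuleName = "Send Full Name"
c:[Type == "$acct", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$claims/surname", "$claims/givenname"),
    query = ";sn,givenName;{0}", param = c.Value);
"@

# Steps 1 and 2: create the trust from the supplied metadata file
Add-AdfsRelyingPartyTrust -Name $rpName -MetadataFile $metadataPath `
    -IssuanceAuthorizationRules $authRules -IssuanceTransformRules $transformRules

# Review what was stored before testing sign-in (step 5)
Get-AdfsRelyingPartyTrust -Name $rpName |
    Format-List Name, Identifier, Enabled, IssuanceAuthorizationRules, IssuanceTransformRules
```

The Name ID is taken from the user's mail attribute, so accounts without an email address in Active Directory will not receive a Name ID claim.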
