Configuration Steps for ADFS:
Requirements:
- An Active Directory instance where users have an email address attribute
- A Brandfolder account that has been enabled for SSO
- A metadata file from Brandfolder Support used for import
- An SSL certificate to sign your ADFS login page and the fingerprint of that certificate
1. Add a Relying Party Trust
- Log in to the ADFS Server
- On the left-hand side of the table, right-click Relying Party Trust
- Select Add Relying Party Trust...
2. Configure the Relying Party Trust Wizard
- Select Start
- On the Select Data Source Screen, select Import data about this relying party from a file
- Select Browse and select the Brandfolder metadata file that was supplied
- Once this data is imported, select Next to reach Configure Multi-factor Authentication Now - leave the defaults and select Next
- On Choose Issuance Authorization Rules select Permit all users
- The following screen will show an overview of your settings - select Next
- On the closing screen select Close and open the Claim Rules Editor
3. Creating Claim Rules
1. The Claims Rule editor will open automatically - to create a new Rule, select Add Rule
2. Select Send LDAP Attributes as Claims and select Next
3. On the following screen, set the LDAP Attribute to E-Mail-Addresses and set Outgoing Claim Type to E-Mail Address
4. Click OK to save the rule
5. Create another new rule by selecting Add Rule - select Transform an Incoming Claim from the dropdown
6. On the following screen select the following:
- E-mail Address as Incoming Claim Type
- Outgoing Claim Type as Name ID
- Outgoing Name ID Format as Email
- Leave the default of Pass through all claim values
7. Select OK to create the claim rule
4. Setting up a Full Name Claim
- Brandfolder recommends sending the first and last name along with the email address of the user
- Create another new rule by selecting Add Rule
- Set one LDAP Attribute to Surname and one to Given-Name
- Set the matching Outgoing Claim Types to Surname and Given-Name
- Select OK to create this rule, then OK again to complete the rules
5. Test the Configuration
- At this point, the configuration can be tested
- Please contact support@brandfolder.com to complete the configuration or for any other related questions
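
The wizard steps 1 to 4 above can also be scripted and then checked from PowerShell on the ADFS server. This is an added example, not Brandfolder's own script. It assumes an AD FS version whose wizard shows Issuance Authorization Rules, as on this page; the metadata path and the trust display name are placeholders.

```powershell
Import-Module ADFS

$metadataFile = 'C:\path\to\brandfolder-metadata.xml'   # placeholder: file supplied by Brandfolder Support
$trustName    = 'Brandfolder'                           # assumed display name for the trust

# Step 3 and 4 claim rules, written in the AD FS claim rule language.
$transformRules = @'
@RuleName = "Send E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

@RuleName = "Send Full Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), query = ";sn,givenName;{0}", param = c.Value);
'@

# Step 2: the "Permit all users" issuance authorization choice.
$authRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Steps 1 and 2: create the trust from the supplied metadata file.
Add-AdfsRelyingPartyTrust -Name $trustName `
    -MetadataFile $metadataFile `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authRules

# Check: confirm the stored rules contain every claim the procedure configures.
$rp = Get-AdfsRelyingPartyTrust -Name $trustName
$expected = @(
    'claims/emailaddress',
    'claims/nameidentifier',
    'nameid-format:emailAddress',
    'claims/surname',
    'claims/givenname'
)
foreach ($fragment in $expected) {
    if ($rp.IssuanceTransformRules -notmatch [regex]::Escape($fragment)) {
        Write-Warning "Relying party '$trustName' is missing a rule for: $fragment"
    }
}
$rp | Select-Object Name, Enabled, Identifier
```

The check at the end also works against a trust created through the wizard, so it can be run before testing in step 5.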