To get your ADFS server ready, you’ll need to:
Begin by launching your instance of ADFS. Start the Add Relying Party Trust wizard.
On the Welcome page, choose Claims aware and click Start.
You’ll see the Select Data Source page at this point. Select Enter data about the relying party manually and click Next to proceed.
On the Specify Display Name page, provide a descriptive name for your relying party (the typical format is urn:auth0:safetyculture.au.auth0.com) and a brief description under Notes. Click Next.
Next up is the Configure Certificate page. For now, we will skip this step, so click Next to proceed.
On the Configure URL page, check the box for Enable support for the SAML 2.0 WebSSO protocol. The wizard then asks for a Relying party SAML 2.0 SSO service URL. For the time being, provide a placeholder URL; we will return to this step at a later point. Click Next.
On the Configure Identifiers page, enter urn:auth0:safetyculture.au.auth0.com as the Relying party trust identifier. Click Next.
On the Choose Access Control Policy page, select Permit everyone and click Next.
Finally, review the settings you provided on the Ready to Add Trust page and click Next to save your information.
If the trust was added successfully, you’ll see a message indicating this on the Finish page. Make sure that the Configure claims issuance policy for this application checkbox is selected, and click Close.
Immediately after you’ve closed out of the Add Relying Party Trust wizard, you’ll see the Edit Claim Issuance Policy window pop up.
Click Add Rule… to launch the wizard. Use Send LDAP Attributes as Claims for your Claim rule template, and click Next to proceed.
Provide a value for the Claim rule name, such as LDAP Attributes (it can be anything you want). Choose Active Directory as your Attribute Store. Map your LDAP attributes to outgoing claim types as shown below. The only mandatory mapping you need is for the email address, but you can add as many as you’d like. Click Finish.
Back on the Edit Claim Issuance Policy window, click Apply.
You can now exit out of this window.
To get your Federation Metadata, navigate to the following URL:
Your file will look something like this:
Save the file for later use.
Finally, you’ll need to export the signing certificate from the ADFS console to provide it to SafetyCulture at a later point.
Using the left-hand navigation pane, go to ADFS > Service > Certificates. Select the Token-signing certificate, then right-click it and select View Certificate.
On the Details tab, click Copy to File….
This launches the Certificate Export Wizard. Click Next to proceed.
Choose Base-64 encoded X.509 (.CER) as the format you’d like to use. Click Next.
Provide the location to where you want the certificate exported. Click Next.
Verify that the settings for your certificate are correct. If they are, click Finish to proceed with the export process.
Send the exported certificate to SafetyCulture.
SafetyCulture will configure the service on our side; we’ll let you know once this is done so that you can continue with step 3.
Once you have set the required parameters for creating your SSO connection and clicked Save, you’ll see a page with instructions on creating a new relying party trust in ADFS. You’ll need the following parameters:
Post-back URL: <will be provided by SafetyCulture once step 2 is done>
The set of instructions presented to you after you’ve created your new connection will also have the exact values required for your SSO account/connection.
In the ADFS console, go to ADFS > Relying Party Trusts using the left-hand navigation pane. Select the relying party trust you created in step 1 and click Properties (located on the right-hand navigation pane).
Switch over to the Identifiers tab, and populate the Relying Party Identifier with the Entity ID value. Be sure to click Add to add the identifier to your list.
Switch over to the Endpoints tab, and select the placeholder URL you provided earlier. Click Edit….
Populate the Trusted URL with the Post-back URL value.
Click OK. Finally, click Apply and exit the Properties window.
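The same procedure (steps 1 and 3 above, plus the metadata download and certificate export) scripted with the ADFS PowerShell module, as an added example that is not SafetyCulture’s or Microsoft’s own script. The trust name, the temporary placeholder endpoint, and the Post-back URL and Entity ID values (which SafetyCulture supplies after step 2) are assumptions or placeholders you replace; everything else matches the wizard settings described above.

```powershell
# Added example: builds the relying party trust from the ADFS wizard steps with PowerShell.
# Run in an elevated session on the ADFS server. Values marked as placeholders must be replaced.
Import-Module ADFS

$rpName      = 'SafetyCulture'                                  # assumed display name
$identifier  = 'urn:auth0:safetyculture.au.auth0.com'           # identifier from the instructions
$placeholder = 'https://placeholder.example.invalid/saml'       # temporary URL, replaced in step 3
$postBackUrl = '<POST-BACK-URL-FROM-SAFETYCULTURE>'             # placeholder until step 2 is done
$entityId    = '<ENTITY-ID-FROM-SAFETYCULTURE>'                 # placeholder until step 2 is done

# Claim rule equivalent to "Send LDAP Attributes as Claims" with the one mandatory mapping:
# the AD 'mail' attribute is issued as the standard e-mail address claim type.
$emailRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
'@

# Step 1: claims-aware trust with a SAML 2.0 WebSSO (assertion consumer) endpoint, the identifier,
# the "Permit everyone" access control policy (every AD user who authenticates gets access;
# tighten this policy later if only a subset of users should reach SafetyCulture), and the claim rule.
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $placeholder -Index 0
Add-AdfsRelyingPartyTrust -Name $rpName -Identifier $identifier -SamlEndpoint $endpoint `
    -AccessControlPolicyName 'Permit everyone' -IssuanceTransformRules $emailRule `
    -Notes 'SafetyCulture SSO via Auth0'

# Federation metadata: every ADFS farm serves it at this well-known path on its federation service host.
$metadataUrl = "https://$((Get-AdfsProperties).HostName)/FederationMetadata/2007-06/FederationMetadata.xml"
Invoke-WebRequest -Uri $metadataUrl -OutFile "$env:USERPROFILE\FederationMetadata.xml"

# Export the primary token-signing certificate as Base-64 encoded X.509 (.CER), the wizard's format.
# Only the public certificate is written; the private key never leaves the ADFS server.
$cert = (Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary).Certificate
$pem  = "-----BEGIN CERTIFICATE-----`r`n" +
        [Convert]::ToBase64String($cert.RawData, [Base64FormattingOptions]::InsertLineBreaks) +
        "`r`n-----END CERTIFICATE-----"
Set-Content -Path "$env:USERPROFILE\adfs-token-signing.cer" -Value $pem -Encoding Ascii

# Step 3 (after SafetyCulture confirms step 2): add the Entity ID as a second identifier and
# replace the placeholder endpoint with the real Post-back URL.
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $postBackUrl -Index 0
Set-AdfsRelyingPartyTrust -TargetName $rpName -Identifier @($identifier, $entityId) -SamlEndpoint $endpoint
```

Verify the result with Get-AdfsRelyingPartyTrust -Name 'SafetyCulture': the Identifier list should contain both values and SamlEndpoints should show the Post-back URL rather than the placeholder.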