Skip to main content
ADFS (SSO) Configuration for Laurel
Nick Bazley avatar
Written by Nick Bazley
Updated over a year ago

Laurel requires our customers and users to login with an SSO provider. This article provides the steps required to setup ADFS as a login method into Laurel services.

Adding Laurel as a relying party trust

These instructions are for Windows Server 2016, but the process is similar for other Windows Server versions.

  1. Ensure the ADFS Management console is open

  2. Right click "Relying Party Trust" and select "Add Relying Party Trust..."

    relying2.PNG
  3. Select "Claims Aware"

    relying.png

  4. Select "Enter data about the relying party manually"

    relying3.PNG

  5. Set the "Display Name" to "Laurel" (or an equivalent identifier) and provide notes if applicable.

  6. Skip the optional certificate configuration for the claims

  7. Check "Enable support for the WS-Federation Passive protocol," and input the following URL:

  8. In "Relying party trust identifier" input urn:auth0:lrl-id-prd and click "Add"

  9. Advance through the next two sections and leave all settings as default including "permit all users..." for the access control policy.

    1. Laurel has additional access controls which means while all users may be permitted, if they are not enabled within Laurel they will not have access.

  10. Finish and ensure "configure claims issuance policy for the application" is checked.

Configuring claims

  1. Click "Add Rule..." under the "Edit Claim Issuance Policy for Laurel"

  2. Set "Claim rule template" to "Send LDAP Attributes as Claims"

    claims_3.PNG

  3. Match Claim Configuration as follows, and ensure to update Claim Rule Name to "Laurel Claims"

  4. Set "Attribute store" to "Active Directory"and update "Mapping of LDAP attributes to outgoing claim types" as follows:

    1. E-Mail-Addresses →E-Mail Address

    2. Display-Name → Name

    3. User-Principal-Name → Name ID

    4. Given-Name → Given Name

    5. Surname → Surname

  5. Select "Finish"

Submitting your FederationMetadata

Please submit a support ticket with TBP with the following information:

  1. Your FederationMetadata.xml file (includes public certificate and endpoints)

  2. A complete List of Users that require access Laurel: Format this list as follows firstName, lastName, emailAddress format (ie. Ryan, Alshak, [email protected])

You can usually find your FederationMetadata.xml at https://yourdomain.extension/FederationMetadata/2007-06/FederationMetadata.xml.

If that is not the right endpoint, please check your ADFS endpoints to verify the metadata URL Path.

metadata.PNG


If you have additional questions or require assistance, please reach out to your Laurel solutions team or account manager.

Did this answer your question?