Laurel requires our customers and users to log in with an SSO provider. This article provides the steps required to set up ADFS as a login method for Laurel services.
Adding Laurel as a relying party trust
These instructions are for Windows Server 2016, but the process is similar for other Windows Server versions.
Ensure the ADFS Management console is open
Right-click "Relying Party Trust" and select "Add Relying Party Trust..."
Select "Claims Aware"
Select "Enter data about the relying party manually"
Set the "Display Name" to "Laurel" (or an equivalent identifier) and provide notes if applicable.
Skip the optional certificate configuration for the claims
Check "Enable support for the WS-Federation Passive protocol," and input the following URL:
In "Relying party trust identifier" input
urn:auth0:lrl-id-prd
and click "Add"
Advance through the next two sections and leave all settings as default, including "permit all users..." for the access control policy.
Laurel has additional access controls, so even though all users are permitted here, users who are not enabled within Laurel will not have access.
Finish and ensure "configure claims issuance policy for the application" is checked.
Configuring claims
Click "Add Rule..." under the "Edit Claim Issuance Policy for Laurel"
Set "Claim rule template" to "Send LDAP Attributes as Claims"
Match the claim configuration as follows, and update "Claim rule name" to "Laurel Claims"
Set "Attribute store" to "Active Directory" and update "Mapping of LDAP attributes to outgoing claim types" as follows:
E-Mail-Addresses → E-Mail Address
Display-Name → Name
User-Principal-Name → Name ID
Given-Name → Given Name
Surname → Surname
Select "Finish"
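To confirm the result of the steps above from PowerShell, the following added example (not Laurel's own tooling) reads the trust back and compares it with this article's settings. It assumes the trust was named "Laurel", that the rule was created with the "Send LDAP Attributes as Claims" template, and that the wizard labels correspond to the standard LDAP attribute names and claim type URIs shown in the comments.

```powershell
# Added example, not Laurel's code. Run elevated on the primary AD FS server.
$trustName  = 'Laurel'                 # display name chosen in the wizard (assumption)
$identifier = 'urn:auth0:lrl-id-prd'   # relying party trust identifier from this article
$ns = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/'
# LDAP attribute name -> outgoing claim type, following the mapping in this article
$expected = [ordered]@{
    'mail'              = $ns + 'emailaddress'    # E-Mail-Addresses -> E-Mail Address
    'displayName'       = $ns + 'name'            # Display-Name -> Name
    'userPrincipalName' = $ns + 'nameidentifier'  # User-Principal-Name -> Name ID
    'givenName'         = $ns + 'givenname'       # Given-Name -> Given Name
    'sn'                = $ns + 'surname'         # Surname -> Surname
}

$rp = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $rp) { throw "No relying party trust named '$trustName'." }

$problems = @()
if (-not $rp.Enabled) { $problems += 'Trust is disabled.' }
if ($rp.Identifier -notcontains $identifier) { $problems += "Identifier $identifier is missing." }
if (-not $rp.WSFedEndpoint) { $problems += 'WS-Federation Passive endpoint is not set.' }

# Pair each attribute in query = ";a,b;{0}" with the claim type at the same position in types = (...)
$actual = @{}
$pattern = 'types\s*=\s*\((?<types>[^)]*)\)\s*,\s*query\s*=\s*";(?<attrs>[^;]*);'
foreach ($m in [regex]::Matches($rp.IssuanceTransformRules, $pattern)) {
    $types = @($m.Groups['types'].Value -split ',' | ForEach-Object { $_.Trim().Trim('"') })
    $attrs = @($m.Groups['attrs'].Value -split ',' | ForEach-Object { $_.Trim() })
    for ($i = 0; $i -lt $attrs.Count; $i++) { $actual[$attrs[$i]] = $types[$i] }
}

foreach ($attr in $expected.Keys) {
    if ($actual[$attr] -ne $expected[$attr]) {
        $problems += "LDAP attribute $attr should be issued as $($expected[$attr]), found '$($actual[$attr])'."
    }
}

"WS-Federation endpoint: $($rp.WSFedEndpoint)"   # compare with the URL entered in the wizard
"Access control policy:  $($rp.AccessControlPolicyName)"
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'Laurel trust matches the article.' }
```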
Submitting your FederationMetadata
Please submit a support ticket with TBP with the following information:
Your FederationMetadata.xml file (includes public certificate and endpoints)
A complete list of users that require access to Laurel, formatted as firstName, lastName, emailAddress (e.g. Ryan, Alshak, [email protected])
You can usually find your FederationMetadata.xml at https://yourdomain.extension/FederationMetadata/2007-06/FederationMetadata.xml.
If that is not the right endpoint, please check your ADFS endpoints to verify the metadata URL Path.
If you have additional questions or require assistance, please reach out to your Laurel solutions team or account manager.