Setting up HunchBuzz with ADFS
NOTE: Single Sign-On for ADFS is only available with our enterprise plans. For self-provisioned subscription plans, Azure Active Directory (AAD) is the only option offered.
Step 1
You will need to provide us with your ADFS federation metadata URL. This will look something like https://your-adfs-domain/FederationMetadata/2007-06/FederationMetadata.xml
Step 2
We will use this to create a metadata URL for your HunchBuzz platform.
Step 3 - Add the Relying Party Trust
- Open AD FS Management and navigate to “Relying Party Trusts” under “Trust Relationships”
- Click “Add Relying Party Trust” on the right-hand bar
- Choose “Claims aware” and press Next
- Paste the provided metadata URL into the federation metadata address field and press Next
- Give your relying party trust a name and, if required, any notes
- If required, configure your user group access, or press Next if not required
- Verify your configuration and press Next
- Leave the 'Configure claims' checkbox ticked and press Close
Step 4 - Add the custom rules
- Click 'Edit Claim Issuance Policy'
- Click 'Add Rule'
- Choose 'Send Claims Using a Custom Rule' and press Next
- Enter 'Name and Email' as the rule name, paste the following then press 'Finish'
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";mail,givenName,sn,tokenGroups;{0}", param = c.Value);
- Repeat steps 2 and 3 of this list, then enter 'Custom Rule 1' as the name, paste the following then press 'Finish'
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
- Repeat steps 2 and 3 of this list, then enter 'Custom Rule 2' as the name, paste the following then press 'Finish'
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
Your 'Issuance Transform Rules' panel should now list the three rules added above. Press 'OK' to save the rules.
Step 5 - Attempt to login
Using the provided URL from your HunchBuzz account manager, attempt to log in to your platform. All going well, you should be taken to the dashboard.
If you experience issues, please get in touch and we'll work through them with you.
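When a login fails, it helps to confirm that the token actually carries the claims the three rules in Step 4 are meant to issue. The following is an added example, not part of the original guide or HunchBuzz's own tooling: it assumes the sign-in uses a SAML 2.0 assertion that you have already decoded, and the function names and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
# Claims the 'Name and Email' rule reads from AD. The role claim is not required
# here because a user with no group memberships legitimately has none.
REQUIRED = [CLAIMS + "emailaddress", CLAIMS + "givenname", CLAIMS + "surname"]

def check_assertion(xml_text):
    """List problems in a decoded assertion. Does NOT verify the XML signature."""
    root = ET.fromstring(xml_text)  # parse only assertions you captured yourself
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    problems = ["missing claim: " + n for n in REQUIRED if not any(attrs.get(n, []))]
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        # 'Custom Rule 2' only fires when an emailaddress claim was issued.
        problems.append("missing NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not emailAddress")
        if (name_id.text or "") not in attrs.get(CLAIMS + "emailaddress", []):
            problems.append("NameID does not match the emailaddress claim")
    return problems

def sample_assertion(email):
    """Constructed sample, not real AD FS output; email=None models an empty AD 'mail'."""
    claims = {"givenname": "Ada", "surname": "Lovelace"}
    if email:
        claims["emailaddress"] = email
    attrs = "".join(
        f'<Attribute Name="{CLAIMS}{k}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for k, v in claims.items())
    subject = (f'<Subject><NameID Format="{EMAIL_FORMAT}">{email}</NameID></Subject>'
               if email else "")
    return (f'<Assertion xmlns="{NS["saml"]}">{subject}'
            f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    print(check_assertion(sample_assertion("ada@example.com")))  # healthy account
    print(check_assertion(sample_assertion(None)))  # account with no mail attribute
```

The second sample shows the most common cause of a failed first login with these rules: an account whose AD `mail` attribute is empty produces no emailaddress claim, so no NameID is issued either.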