Configuring Single Sign-On with Active Directory Federation Services
Written by Matt Houser
Updated over a week ago

Use this guide to configure Active Directory Federation Services (ADFS) as a single sign-on Identity Provider (IdP) for your Skeddly account.

Step 1: Obtain your ADFS Identity Provider Metadata Document

First, obtain your ADFS metadata document from:

https://<adfs host>/FederationMetadata/2007-06/FederationMetadata.xml

Step 2: Create an Identity Provider in Skeddly

Please follow these instructions to create your Skeddly Identity Provider.

Step 3: Add a Relying Party Trust in ADFS

In your organization's ADFS Management Console, perform the following steps. These steps are shown using ADFS 2.0 on Windows Server 2008 R2. The steps should be very similar for ADFS 3.0 on Windows Server 2012 or 2016.

1. Add a new relying party trust by clicking "Add Relying Party Trust".

2. The "Add Relying Party Trust Wizard" should begin.

Click "Start" to proceed. 

3. Select "Import data about the relying party published online" and specify the following URL for the "Federation metadata address": https://app.skeddly.com/Content/saml/skeddly-metadata.xml.

Click "Start" to proceed. 

4. Specify a display name for your Relying Party. This may default to "app.skeddly.com". You can change it to anything you wish, for example "Skeddly".

Click "Next" to proceed. 

5. Choose to "Permit all users to access this relying party".

Click "Next" to proceed. 

6. Review the properties of the Relying Party.

Click "Next" to create the Relying Party. 

7. Click "Close" to close the wizard.

At this point, you should see your new Relying Party in the list of Relying Party Trusts.

If the "Edit Claim Rules" dialog is not visible, click "Edit Claim Rules..." to show the dialog.

Add the "NameId" Attribute

First, we need to add the "NameId" attribute to our SAML assertion response.

1. Click the "Add Rule..." button to begin adding the first rule. 

2. Choose "Transform an Incoming Claim".

Click "Next" to proceed. 

3. Use the following property values on the "Configure Rule" page:

  • Claim rule name: NameId

  • Incoming claim type: Windows account name

  • Outgoing claim type: Name ID

  • Outgoing name ID format: Persistent Identifier

  • Pass through all claim values: selected

Click "Finish" to complete the rule.
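
A scripted equivalent of the Step 3 wizard and the "NameId" rule above, as an added example that is not part of Skeddly's guide. It assumes the ADFS PowerShell module on Windows Server 2012 R2 or later and the display name "Skeddly"; the "Roles" rule is not included.

```powershell
# Added example, not Skeddly's own tooling. Run in an elevated PowerShell
# session on the primary ADFS server.
# Assumptions: ADFS module cmdlets (Windows Server 2012 R2 or later) and the
# display name "Skeddly".
Import-Module ADFS

$name        = 'Skeddly'   # assumed display name (wizard step 4)
$metadataUrl = 'https://app.skeddly.com/Content/saml/skeddly-metadata.xml'

# Wizard step 5, "Permit all users to access this relying party", as a rule.
# On Windows Server 2016 and later, pass -AccessControlPolicyName 'Permit everyone'
# to Add-AdfsRelyingPartyTrust instead of -IssuanceAuthorizationRules.
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# The "NameId" rule: Windows account name -> Name ID, Persistent Identifier,
# passing all claim values through.
$nameIdRule = @'
@RuleName = "NameId"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
'@

# Create the trust only if it is missing, so re-running does not fail.
if (-not (Get-AdfsRelyingPartyTrust -Name $name)) {
    Add-AdfsRelyingPartyTrust -Name $name -MetadataUrl $metadataUrl `
        -IssuanceAuthorizationRules $permitAll
}

# -IssuanceTransformRules replaces the whole rule set, so only write it while
# the set is empty; this never overwrites a "Roles" rule added afterwards.
$rp = Get-AdfsRelyingPartyTrust -Name $name
if ([string]::IsNullOrWhiteSpace($rp.IssuanceTransformRules)) {
    Set-AdfsRelyingPartyTrust -TargetName $name -IssuanceTransformRules $nameIdRule
}

# Read back what ADFS stored and review it before testing sign-in.
Get-AdfsRelyingPartyTrust -Name $name |
    Format-List Name, Enabled, Identifier, MetadataUrl, AutoUpdateEnabled,
                MonitoringEnabled, IssuanceAuthorizationRules, IssuanceTransformRules
```

The read-back at the end is the part worth keeping even when the trust is created through the wizard: it shows the exact identifier and rule text ADFS will use for this relying party.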

Add the "Roles" Attribute

Next, we need to add our "Roles" attribute which will be used to tell Skeddly which Skeddly account to access and the permissions to apply to the signed-in user.

For this step, you need 2 pieces of information:

  • The SRN of the Skeddly Identity Provider you created in your Skeddly account (shown as <idp SRN> later), and

  • The SRN of the Managed Policies you want to apply to the user (shown as <policy SRN> later).

Follow these steps:

1. Click the "Add Rule..." button again to begin adding the second rule.

2. Select "Send Claims Using a Custom Rule".

Click "Next" to proceed.

3. Use the following property values on the "Configure Rule" page:

Click "Finish" to complete the rule.

4. Click "OK" to confirm and close the "Edit Claim Rules" dialog.

At this stage, your ADFS configuration is complete.

Sign in to your ADFS sign-in portal:

https://<adfs host>/adfs/ls/IdpInitiatedSignOn.aspx

Once signed in, choose to sign in to Skeddly. Your browser should redirect to Skeddly, sign in to Skeddly, and display the Skeddly dashboard.
