
Configure your AD FS server

This article outlines how to configure AD FS on your Windows server, adding the relying party trust and claims that Contensis needs to integrate with your organisation's single sign-on service.

Add the relying party trusts

  1. Open the AD FS Management console, click Add Relying Party Trust in the Actions pane and press Start on the wizard introduction page.

  1. Select Enter data about the relying party manually.

  1. Enter a Display name, e.g. Contensis, and press Next.

  1. Select AD FS Profile.

  1. Skip the Configure Certificate step by pressing Next (it’s not supported by Contensis).

  1. Select Enable support for the WS-Federation Passive protocol and enter your CMS address with the addition of /authenticate/ on the end and press Next.

e.g. https://cms-customername.cloud.contensis.com/authenticate/

Make sure you include the trailing slash; without it the AD FS integration will not work.

Note: Contensis must be available over HTTPS. Non-HTTPS addresses will not work.


  1. Double check the CMS address is correct in the Relying party trust identifiers and then click Next.

  1. Leave the default option of I do not want to configure multi-factor authentication settings for this relying party trust at this time selected.

    If you wish to configure multi-factor authentication, select the second option. Multi-factor authentication is outside the scope of this article.

  1. Select Permit all users to access this relying party and press Next if you want to allow all Active Directory users to log in to Contensis. Alternatively, select Deny all users access to this relying party if you want to allow specific users later.

  1. You don’t need to change anything in the Ready to Add Trust step. Press Next.

  1. Select the Open the Edit Claim rules dialog for this relying party trust when the wizard closes checkbox and press Close.

Configure claim rules

  1. The Edit Claim Rules window should open automatically after adding the relying party trust. Press Add Rule… to create a new rule.

  1. Select Send LDAP Attributes as Claims from the Claim rule template list.

  1. Enter a Claim rule name, e.g. Contensis claims.
  2. Select Active Directory as the Attribute store.
  3. As a minimum, map the LDAP attributes outlined in the following table and press Next.

| LDAP attribute | Outgoing claim type |
| --- | --- |
| User-Principal-Name | UPN |
| E-Mail-Addresses | E-Mail Address |
| SAM-Account-Name | Name |
| SAM-Account-Name | Name ID |

If you want to populate the user’s first name and surname, you can also map the following LDAP attributes.

| LDAP attribute | Outgoing claim type |
| --- | --- |
| Given-Name | Given Name |
| Surname | Surname |

You can also configure Contensis to automatically create groups which users are members of when the user first logs in. To enable this you need to map the following LDAP attribute.

| LDAP attribute | Outgoing claim type |
| --- | --- |
| Is-Member-Of-DL | Group |

  1. You’ll now see the claim listed. Press Add Rule… to add another claim.

  1. Press Apply to complete the AD FS server setup.
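
The same relying party trust and claim rule can be applied as a script, which makes the configuration reviewable and repeatable. This is an added example, not part of the original Contensis article: it assumes the ADFS PowerShell module on the AD FS server, uses the article's sample CMS address as a placeholder, and maps only the minimum claims from the first table.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# $CmsUrl and $Name are placeholders; substitute your own CMS address.
Import-Module ADFS

$CmsUrl = 'https://cms-customername.cloud.contensis.com/authenticate/'
$Name   = 'Contensis'

# Enforce the two requirements the article calls out before touching AD FS:
# the address must be HTTPS and must end in /authenticate/ (trailing slash included).
$uri = [Uri]$CmsUrl
if ($uri.Scheme -ne 'https') {
    throw "Relying party address must use https: $CmsUrl"
}
if (-not $uri.AbsolutePath.EndsWith('/authenticate/')) {
    throw "Relying party address must end with /authenticate/ : $CmsUrl"
}

# "Send LDAP Attributes as Claims" rule carrying the minimum mappings:
# UPN, E-Mail Address, Name and Name ID (the last two both from SAM-Account-Name).
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Contensis claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
    query = ";userPrincipalName,mail,sAMAccountName,sAMAccountName;{0}", param = c.Value);
'@

# Equivalent of "Permit all users to access this relying party".
$authRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# WS-Federation Passive endpoint and identifier are both the CMS address.
Add-AdfsRelyingPartyTrust -Name $Name -Identifier $CmsUrl -WSFedEndpoint $CmsUrl `
    -IssuanceTransformRules $transformRules -IssuanceAuthorizationRules $authRules

# Read the trust back and confirm the identifier, endpoint and rules are as intended.
Get-AdfsRelyingPartyTrust -Name $Name |
    Format-List Name, Identifier, WSFedEndpoint, Enabled, IssuanceTransformRules
```

To restrict access to specific users instead, replace the permit-all authorization rule with one scoped to the accounts or groups you intend to allow.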