Active Directory Federated Services (ADFS) SSO Configuration

Connecting Skills to ADFS for Single Sign-On (SSO)

  1. Open the AD FS Management Console.

  2. Select Add Relying Party Trust on the right hand column.

  3. When the Relying Party Trust Wizard opens, select Start.

  4. Select the option “Import data about the relying party published online or on a local network” and paste our metadata URL from the Skills SSO page.

  5. Set the display name to either “Infosec Skills SSO” or a name of your choice then click Next.

  6. Select “I do not want to configure multi-factor authentication settings for this relying party trust at this time” and click Next.

  7. Select “Permit all users to access this relying party” and click Next.

  8. In the Ready to Add Trust step, click Next. Leave the box checked to open the edit claims rule dialog and click Close.

Adding Claim Rules for the Relying Party Trust you created

  • Part 1: UPN to Email

    1. In the Edit Claims Rules window, select Add Rule.

    2. Use the Send LDAP Attributes as Claims template and click Next.

    3. Update the following sections:

      • Claim rule name: UPN to Email
      • Attribute Store: Active Directory
      • LDAP Attribute: User-Principal-Name (select from drop-down menu)
      • Outgoing Claim Type: email (manually type in)

    4. Click Finish after completing the above fields.
  • Part 2: Last Name

    1. Stay in the Edit Claims Rules window, and select Add Rule.

    2. Use the Send LDAP Attributes as Claims template and click Next.

    3. Update the following sections:

      • Claim rule name: last_name
      • Attribute Store: Active Directory
      • LDAP Attribute: Surname (select from drop-down menu)
      • Outgoing Claim Type: last_name (manually type in)
    4. Click Finish after completing the above fields.

  • Part 3: First Name

    1. Stay in the Edit Claims Rules window, and select Add Rule.

    2. Use the Send LDAP Attributes as Claims template and click Next.

    3. Update the following sections:

      • Claim rule name: first_name
      • Attribute Store: Active Directory
      • LDAP Attribute: Given-Name (select from drop-down menu)
      • Outgoing Claim Type: first_name (manually type in)
    4. Click Finish after completing the above fields.

  • Part 4: Transform an Email Address

    1. Stay in the Edit Claims Rules window, and select Add Rule.

    2. Use the Transform an Incoming Claim template and click Next.

    3. Update the following sections:

      • Claim Rule Name: Transform Email Address
      • Incoming Claim Type: UPN (select from drop-down menu)
      • Outgoing Claim Type: Name ID (select from drop-down menu)
      • Outgoing name ID Format: Email (select from drop-down menu)
      • Select Pass through all claim values
    4. Click Finish and close the claims window.

    You should now see the following claim rules, and the setup is complete.
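The same relying party trust and four claim rules, created with the AD FS PowerShell module instead of the wizard. This is an added example, not part of the original guide; it assumes the script runs on the AD FS server and that the metadata URL variable is replaced with the one from the Skills SSO page.

```powershell
# Added example (not from the original guide): scripted equivalent of the wizard steps above.
# Assumption: run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

$metadataUrl = 'https://PLACEHOLDER-METADATA-URL-FROM-SKILLS-SSO-PAGE'   # replace with the real URL
$trustName   = 'Infosec Skills SSO'                                     # step 5 display name

# Claim rule language equivalents of Parts 1-4. The outgoing claim types "email",
# "last_name" and "first_name" are the literal names typed into the wizard, not URIs.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN to Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("email"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "LdapClaims"
@RuleName = "last_name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("last_name"), query = ";sn;{0}", param = c.Value);

@RuleTemplate = "LdapClaims"
@RuleName = "first_name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("first_name"), query = ";givenName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Transform Email Address"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 7: "Permit all users to access this relying party".
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 4-8: import the relying party from its published metadata and attach the rules.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
    -IssuanceTransformRules $transformRules -IssuanceAuthorizationRules $authzRules

# Check: the four rule names should be listed in the trust's issuance transform rules.
(Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceTransformRules
```

The final line prints the rule text stored on the trust, which should match what the Edit Claims Rules window shows after the wizard steps.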