
Configuring a Relying Party Trust for ADFS Federation with MGCLD

In order to federate your Active Directory with our services, contact technical support and then follow these instructions when directed:

On your ADFS farm you will need to follow these steps:

Add the RP trust

  1. In Server Manager, click Tools, and then select AD FS Management.
  2. In the console tree, under AD FS, right click Relying Party Trusts. Select Add Relying Party Trust.
  3. Select Claims Aware and click Start.
  4. On the Select Data Source page, select the option "Import data about the claims provider published online or on a local network". Enter the URI of our federation metadata endpoint:
    https://login.mgcld.com/federationmetadata/2007-06/federationmetadata.xml

  5. On the Specify Display Name page, enter a name (e.g. MGCLD)
  6. On the Choose Access Control Policy page, choose a policy. You could permit everyone in the organization, or choose a specific security group.
  7. Enter any parameters required in the Policy box.
  8. Click Next to complete the wizard.

Add claims rules

  1. Right-click the newly added relying party trust, and select Edit Claim Issuance Policy.

  2. Click Add Rule.

  3. Select "Send LDAP Attributes as Claims" and click Next.

  4. Enter a name for the rule, such as "Send LDAP UPN".

  5. Under Attribute store, select Active Directory.

  6. In the Mapping of LDAP attributes section:

    • Under LDAP Attribute, select User-Principal-Name.
    • Under Outgoing Claim Type, select UPN.
  7. Click Finish.

  8. Click Add Rule again.

  9. Select "Send Claims Using a Custom Rule" and click Next.

  10. Enter a name for the rule, such as "Anchor Claim Type".

  11. Under Custom rule, enter the following:

    EXISTS([Type == "http://schemas.microsoft.com/ws/2014/01/identity/claims/anchorclaimtype"]) => issue(Type = "http://schemas.microsoft.com/ws/2014/01/identity/claims/anchorclaimtype", Value = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn");

    This rule issues a claim of type anchorclaimtype. The claim tells the relying party to use UPN as the user's immutable ID.

  12. Click Finish.

  13. Click OK to complete the wizard.
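The same two procedures (adding the trust and the two claim rules) can be scripted with the AD FS PowerShell module. The script below is an added example, not part of this article or MGCLD's own tooling; it assumes an AD FS farm on Windows Server 2016 or later (for access control policies), the built-in "Permit everyone" policy, and adds two checks the wizard does not perform: confirming the entityID in the fetched metadata before importing it, and reading the trust back afterwards.

```powershell
# Run in an elevated PowerShell session on an AD FS server (added example).
Import-Module ADFS

$rpName      = 'MGCLD'
$metadataUrl = 'https://login.mgcld.com/federationmetadata/2007-06/federationmetadata.xml'

# Check 1: fetch the metadata yourself and look at the entityID it declares
# before trusting it. Invoke-WebRequest rejects an untrusted TLS certificate
# by default; do not relax certificate validation for this call.
$metadata = [xml](Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content
$entityId = $metadata.EntityDescriptor.entityID
Write-Host "Federation metadata entityID: $entityId"

# Claim rules in AD FS claim rule language. The first rule is what the
# "Send LDAP Attributes as Claims" template generates for User-Principal-Name -> UPN;
# the second is the custom "Anchor Claim Type" rule from the article, unchanged.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleName = "Anchor Claim Type"
EXISTS([Type == "http://schemas.microsoft.com/ws/2014/01/identity/claims/anchorclaimtype"])
 => issue(Type = "http://schemas.microsoft.com/ws/2014/01/identity/claims/anchorclaimtype", Value = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn");
'@

# "Add the RP trust": import the relying party from its metadata URL.
# 'Permit everyone' is the built-in policy; pick a group-scoped policy from
# Get-AdfsAccessControlPolicy to limit who may federate.
if (-not (Get-AdfsRelyingPartyTrust -Name $rpName)) {
    Add-AdfsRelyingPartyTrust -Name $rpName `
        -MetadataUrl $metadataUrl `
        -MonitoringEnabled $true -AutoUpdateEnabled $true `
        -AccessControlPolicyName 'Permit everyone' `
        -IssuanceTransformRules $issuanceRules
} else {
    # "Add claims rules" on a trust that already exists.
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $issuanceRules
}

# Check 2: read the trust back; the identifier should match the metadata
# entityID and both rules should be present.
$trust = Get-AdfsRelyingPartyTrust -Name $rpName
$trust | Select-Object Name, Identifier, AccessControlPolicyName, MonitoringEnabled
if ($trust.Identifier -notcontains $entityId) { Write-Warning 'Identifier does not match metadata entityID' }
if ($trust.IssuanceTransformRules -notmatch 'anchorclaimtype') { Write-Warning 'Anchor Claim Type rule missing' }
```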
