Using Microsoft ADFS as the SSO Provider for AchieveIt
- Open the ADFS Management Console.
- Click on Add Relying Party Trust.
- Click Start on the first step.
- Select Enter data about the relying party manually and click Next.
- Enter an arbitrary name (e.g. "YOUR_APP_NAME") and click Next.
- Leave the default selection (ADFS 2.0 profile) and click Next.
- Leave the default (no encryption certificate) and click Next.
- Check Enable support for the WS-Federation Passive protocol URL, enter the following value in the textbox and click Next.
https://achieve-it.auth0.com/login/callback
- Add a Relying party trust identifier with the following value and click Add and then Next.
urn:auth0:achieve-it
- Leave the default option (Permit all users...) and click Next.
- Click Next and then Close. The UI will show a new window to edit the Claim Rules.
- Click on Add Rule....
- Leave the default option (Send LDAP Attributes as Claims).
- Give the rule an arbitrary name that describes what it does. For example:
Map ActiveDirectory attributes (mail -> Mail, displayName -> Name, userPrincipalName -> NameID, givenName -> GivenName, sn -> Surname)
- Select the mappings as shown in this image and click Finish.
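
The same relying party trust can be created and then reviewed from PowerShell. This is an added example, not part of the original instructions. It assumes the AD FS PowerShell module (Windows Server 2012 R2 or later) in an elevated session on the primary AD FS server, and it uses a shortened rule name.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumption: AD FS PowerShell module available, elevated session on the primary AD FS server.
Import-Module ADFS

$name       = 'YOUR_APP_NAME'                                # arbitrary display name
$identifier = 'urn:auth0:achieve-it'                         # relying party trust identifier
$endpoint   = 'https://achieve-it.auth0.com/login/callback'  # WS-Federation Passive protocol URL

# Base URI shared by the five outgoing claim types.
$claims = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'

# "Send LDAP Attributes as Claims" rule:
# mail -> E-Mail Address, displayName -> Name, userPrincipalName -> Name ID,
# givenName -> Given Name, sn -> Surname
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Map ActiveDirectory attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("$claims/emailaddress", "$claims/name", "$claims/nameidentifier", "$claims/givenname", "$claims/surname"),
          query = ";mail,displayName,userPrincipalName,givenName,sn;{0}",
          param = c.Value);
"@

# Equivalent of the wizard default "Permit all users...".
$authorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

$trust = @{
    Name                       = $name
    Identifier                 = $identifier
    WSFedEndpoint              = $endpoint
    IssuanceTransformRules     = $transformRules
    IssuanceAuthorizationRules = $authorizationRules
}
Add-AdfsRelyingPartyTrust @trust

# Review what was stored: the endpoint and identifier must match the values above exactly,
# and the transform rules should issue only the five mapped claims.
Get-AdfsRelyingPartyTrust -Identifier $identifier |
    Format-List Name, Identifier, WSFedEndpoint, Enabled, IssuanceTransformRules
```

The Get-AdfsRelyingPartyTrust call at the end also works on its own for checking a trust that was created through the wizard.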