Skeddly

Welcome, Guest Login

Support Center

Configuring Single Sign-On with Active Directory Federation Services

Last Updated: Oct 20, 2016 12:52PM EDT
Use this guide to configure your Active Directory Federation Services (ADFS) as a single sign-on Identifier Provider (IdP) for your Skeddly account.

Step 1: Obtain your ADFS Identity Provider Metadata Document

First, obtain your ADFS metadata document from:

https://<adfs host>/FederationMetadata/2007-06/FederationMetadata.xml

Step 2: Create an Identity Provider in Skeddly

Please follow these instructions to create your Skeddly Identity Provider.

Step 3: Add a Relying Party Trust in ADFS

In your organization's ADFS Management Console, perform the following steps. These steps are shown using ADFS 2.0 on Windows Server 2008 R2. The steps should be very similar for ADFS 3.0 on Windows Server 2012 or 2016.
  1. Add a new relying party trust by clicking "Add Relying Party Trust".


     
  2. The "Add Relying Party Trust Wizard" should begin.



    Click "Start" to proceed.
     
  3. Select "Import data about the relying party published online" and specify the following URL for the "Federation metadata address": https://app.skeddly.com/Content/saml/skeddly-metadata.xml.



    Click "Start" to proceed.
     
  4. Specify a display name for your Relying Party. This may default to "app.skeddly.com". You can change it to anything you wish, for example "Skeddly".



    Click "Next" to proceed.
     
  5. Choose to "Permit all users to access this relying party".



    Click "Next" to proceed.
     
  6. Review the properties of the Relying Party.



    Click "Next" to create the Relying Party.
     
  7. Click "Close" to close the wizard.

At this point, you should see your new Relying Party in the list of Relying Party Trusts.

If the "Edit Claim Rules" dialog is not visible, click "Edit Claim Rules..." to show the dialog.

Add the "NameId" Attribute

First, we need to add the "NameId" attribute to our SAML assertion response.
  1. Click the "Add Rule..." button to begin adding the first rule.


     
  2. Choose "Transform an Incoming Claim".



    Click "Next" to proceed.
     
  3. Use the following property values on the "Configure Rule" page:
    • Claim rule name: NameId
    • Incoming claim type: Windows account name
    • Outgoing claim type: Name ID
    • Outgoing name ID format: Persistent Identifier
    • Pass through all claim values: selected




    Click "Finish" to complete the rule.

Add the "Roles" Attribute

Next, we need to add our "Roles" attribute which will be used to tell Skeddly which Skeddly account to access and the permissions to apply to the signed-in user.

For this step, you need 2 pieces of information:
  • The SRN of the Skeddly Identity Provider you created in your Skeddly account (shown as <idp SRN> later), and
  • The SRN of the Managed Policies you want to apply to the user (shown as <policy SRN> later).
Follow these steps:
 
  1. Click the "Add Rule..." button again to begin adding the second rule.
  2. Select "Send Claims Using a Custom Rule"



    Click "Next" to proceed.
     
  3. Use the following property values on the "Configure Rule" page:
    • Claim rule name: Roles
    • Custom rule: => issue(Type = "https://skeddly.com/SAML/Attributes/Roles", Value = "<idp SRN>,<policy SRN>");



    Click "Finish" to complete the rule.
Click "OK" to confirm and close the "Edit Claim Rules" dialog.

At this stage, your ADFS configuration is complete.

Sign-in to your ADFS sign-in portal:

https://<adfs host>/adfs/ls/IdpInitiatedSignOn.aspx

Once signed-in, choose to sign-in to Skeddly. Your browser should redirect itself to Skeddly, sign in to Skeddly, and display the Skeddly dashboard.

Contact Us

support@skeddly.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete