Requirements:

  • An Active Directory instance where all users have an email address attribute
  • A Proxyclick account in Trial mode or on the Large or Enterprise plans

 

Step 1: Add a Relying Party Trust

Select the Relying Party Trusts folder from AD FS Management , and add a new Standard Relying Party Trust from the Actions sidebar. This will start the configuration wizard.

Screen Welcome

wizzard start

Click on Start .

Screen Select Data Source

wizzard metadata

Select the last option, Enter Data About the Party Manually and click on Next .

Screen Specify Display Name

wizzard label

Enter a Display name (e.g. Proxyclick login). You can enter some Notes if you like. Click then on Next .

Screen Choose Profile

wizzard profile

Select the ADFS FS profile radio button and click on Next .

Screen Configure Certificate

wizzard cert

Leave the certificate settings at their defaults, just click on Next .

Screen Configure URL

wizzard URL

Check the box Enable Support for the SAML 2.0 WebSSO protocol . The service URL can be found in Account and Settings > Integrations > SAML (see below).

2016-06-17_14-44-56

 

Click on Next .

Screen Configure Identifiers

wizzard identifier

Add https://saml.proxyclick.com as first identifier and the SAML SSO Redirect URL as second identifier.

2016-06-17_14-44-56-1

Click on Next .

Screen Multifactor Authentication Now?

wizzard multi-factor

You may configure multifactor authentication but this is beyond the scope of this guide.

Click on Next .

Screen Issuance Authorization Rules

wizzard auth

Select the Permit all users to access this relying party radio button and click on Next .

Screen Ready to Add Trust

Review your settings and click on Next .

Screen Finish

wizzard finished

Click on the Close button to exit the wizard and go the Claim Rules editor.

 

Step 2: Creating claim rules

 

Claim Rules

Create a first rule by clicking on Add Rule .

Screen Choose Rule Type

claim LDAP 1

Select Send LDAP Attributes as Claims in the rule template list. Click on Next .

Screen Configure Claim Rule

claim ldap 2

Enter a Claim rule name (e.g. LDAP Email). Select Active Directory in the Attribute store list. Choose Email Addresses for the LDAP Attribute column and Email Address for the Outgoing Claim Type column.

Click on OK to create the new rule.

Create a second rule by clicking on Add rule .

Screen Choose Rule Type

claim transform 1

Select Transform an Incoming Chain in the rule template list. Click on Next .

Screen Configure Claim Rule

claim transform 2

Enter a Claim rule name (e.g. Email Transform). Select Email address for the Incoming Claim Type . Select Name ID for the Outgoing Claim Type and select Unspecified (not Email) for the Outgoing name ID format (see green arrow). Leave Pass through all claim values selected.

Click OK to save the claim rule.

Step 3: Configuring SAML in Proxyclick

Please go to Account and Settings > Integrations > SAML. Insert the 3 values from ADFS in the fields below.

2016-06-17_15-16-48

You can find these settings here:

  • The issuer is the “entityID” in the metadata file
  • The SAML 2.0 endpoint URL is the URL of your ADFS login page
  • The certificate is the “Token signing” certificate

Click on Save Changes.

Your ADFS connection is ready. Please let us know if you have any questions. We’re there to help!

Note: in case you request a signature (see below), please contact us at support@proxyclick.com so we send you the certificate.

FacebookGoogle+EmailTwitterLinkedIn