Currently, we support SSO using SAML 2.0 by integrating with ADFS. These instructions are for ADFS 3.0 (Windows Server 2012 R2) and assume that you have received the relying party trust XML file from Optix for import.
Relying Party Trust Setup
- On the primary server of your ADFS farm, open the ADFS Management snap-in
- Locate the Relying Party Trusts folder under the Trust Relationships folder. Right click and choose Add Relying Party Trust...
- Click Start to begin the wizard
- Select the Import data about the relying party from a file radio button and then click Browse... to locate the path where you saved the Optix relying party XML file. Click Next to continue
- Input a name for the Relying Party Trust in the Display name field. Click Next to continue
- Next, you can configure Multi-Factor Authentication, such as the use of a certificate, token, phone call, or text, as a second factor beyond email and password (optional). Click Next to continue
- Select Permit all users to access this relying party and click Next to continue
- Review the settings and click Next to complete the setup
- Click the checkbox next to Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close to complete the wizard
Claim Rules Setup
Now that the Relying Party Trust for Optix has been created, in order to post the necessary data back to Optix, you must create three claim rules. The Claims Rules Editor should have opened automatically.
- In the Issuance Transform Rules tab, select Add Rule...
- Select Send LDAP Attributes as Claims from the 'Claim rule template' dropdown. Click Next to continue
- Fill out the values as specified below:
  - Enter a name for the claim rule in the 'Claim rule name' field
  - Choose Active Directory from the 'Attribute store' dropdown
  - Select E-Mail-Addresses from the 'LDAP Attribute' dropdown
  - Select E-Mail Address from the 'Outgoing Claim Type' dropdown
- Click Finish to create the first claim
- Select Add Rule to begin the process for the second claim
- Choose Transform an Incoming Claim from the 'Claim rule template' dropdown. Click Next to continue
- Fill out the values as specified below:
  - Enter a name for the claim rule in the 'Claim rule name' field
  - Choose E-Mail Address from the 'Incoming claim type' dropdown menu
  - Choose Name ID from the 'Outgoing claim type' dropdown menu
  - Choose Email from the 'Outgoing name ID format' dropdown menu
  - Select the radio button next to 'Pass through all claim values'
- Click Finish to create the second claim
- Select Add Rule to begin the process for the third claim
- Fill out the values as specified below:
  - Enter a name for the claim rule in the 'Claim rule name' field
  - Select Active Directory from the 'Attribute store' dropdown menu
  - Select E-Mail-Addresses from the first 'LDAP Attribute' field's dropdown menu
  - Type Email in the first 'Outgoing Claim Type' field
  - Select Given-Name from the second 'LDAP Attribute' field's dropdown menu
  - Type FirstName in the second 'Outgoing Claim Type' field
  - Select Surname from the third 'LDAP Attribute' field's dropdown menu
  - Type LastName in the third 'Outgoing Claim Type' field
- Click Finish to create the third claim
- The Issuance Transform Rules should appear. Click OK to finish the process
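The wizard steps above can also be scripted with the ADFS PowerShell module, which makes the configuration repeatable across a farm and easy to review. The following script is an added example and is not provided by Optix; the display name, the path to the relying party XML file, and the claim rule names are assumptions you should replace with your own values. It creates the same three issuance transform rules as the wizard (e-mail address from AD, e-mail to Name ID in e-mail format, and the Email/FirstName/LastName attributes) and the same "Permit all users" authorization rule, then reads the trust back so you can confirm what ADFS actually stored.

```powershell
# Added example (not Optix's code): scripted equivalent of the relying party trust and
# claim rule wizard steps above. Run on the primary ADFS server as an ADFS administrator.
Import-Module ADFS

# Assumed values; replace with your display name and the path where you saved the Optix XML file.
$DisplayName  = 'Optix'
$MetadataFile = 'C:\Temp\optix-relying-party.xml'

# Claim rule 1: "Send LDAP Attributes as Claims" - E-Mail-Addresses -> E-Mail Address
$rule1 = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Optix - E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
'@

# Claim rule 2: "Transform an Incoming Claim" - E-Mail Address -> Name ID, format Email, pass through all values
$rule2 = @'
@RuleTemplate = "MapClaims"
@RuleName = "Optix - Email to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Claim rule 3: "Send LDAP Attributes as Claims" with the custom outgoing claim types Email, FirstName, LastName
$rule3 = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Optix - Email, FirstName, LastName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("Email", "FirstName", "LastName"), query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# Issuance authorization rule matching the wizard's "Permit all users to access this relying party" choice.
$authzRule = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Create the trust from the Optix metadata file with all rules attached in one step.
Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -MetadataFile $MetadataFile `
    -IssuanceTransformRules ($rule1 + "`n" + $rule2 + "`n" + $rule3) `
    -IssuanceAuthorizationRules $authzRule

# Read the trust back and show the identifier, endpoints and rules ADFS stored, so the result
# can be compared against what the wizard produces.
$trust = Get-AdfsRelyingPartyTrust -Name $DisplayName
$trust | Select-Object Name, Identifier, Enabled, SamlEndpoints
$trust.IssuanceTransformRules
$trust.IssuanceAuthorizationRules
```

The three rule bodies are the claim rule language that the GUI templates generate; the Properties[...] entry on the second rule is what the 'Outgoing name ID format' dropdown sets when you choose Email. If the trust already exists, use Set-AdfsRelyingPartyTrust -TargetName with the same -IssuanceTransformRules and -IssuanceAuthorizationRules parameters instead of Add-AdfsRelyingPartyTrust.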