Skip to main content
All CollectionsEnterprise PlanConfiguration for SSO
Configuring SSO for Microsoft Active Directory Federated Services (ADFS)
Configuring SSO for Microsoft Active Directory Federated Services (ADFS)
Chuen Seet avatar
Written by Chuen Seet
Updated over 2 years ago

The following instruction is for Jibility Enterprise License Customers only

  1. In Server Manager, click Tools > AD FS Management.

  2. Click Add Relying Party Trust under Actions. This will open the Add Relying Party Trust Wizard.

  3. In the Welcome step, click Claims aware, then Start.

  4. In the Select Data Source step, choose Enter data about relying party manually, then click Next.

  5. In the Specify Display Name step, name your relying party (e.g. "Jibility").

  6. The Configure Certificate step is optional. Click Next.

  7. On the Configure URL page of the wizard, select Enable support for the SAML 2.0 WebSSO protocol. For the "Relying party SAML 2.0 SSO service URL", the ACS URL (See 'Configuration in Jibility' section above), is formatted as follows: https://jbility-auth-xxxxxx.auth.region.amazoncognito.com/saml2/idpresponse.

  8. In the Configure Identifiers step, enter your Jibility Entity ID (See Configuring single sign-on with SAML article), formatted as follows: urn:amazon:cognito:sp:xx-xxxx-x_xxxxxxxxx.

  9. In the Choose Access Control Policy step, choose to Permit everyone.

  10. Review your settings on the Ready to Add Trust step, then click Next.

  11. On the Finish step, press Close. This will open the Edit Claim Rules modal.

  12. On the Issuance Transform Rules tab, click Add Rule....

  13. Select the Send Claims Using a Custom Rule, click Next.

  14. Enter the following values in the form then click Finish.

Claim rule name

Custom Rule

Name

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("name"), query = ";givenName;{0}", param = c.Value); 

15. On the Issuance Transform Rules tab, click Add Rule... again.

16. Select the Send Claims Using a Custom Rule, click Next.

17. Enter the following values in the form then click Finish.

Claim rule name

Custom rule

Email

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("email"), query = ";mail;{0}", param = c.Value);

18. On the Issuance Transform Rules tab, click Add Rule... again.

19. Select the Send Claims Using a Custom Rule, click Next.

20. Enter the following values in the form then click Finish.

Claim rule name

Custom rule

NameID

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);

21. Click OK.

Complete the Configuration

Enter this metadata document endpoint URL in your web browser after replacing example.com with your ADFS domain:
โ€‹


If you're prompted to download the file federationmetadata.xml, everything is configured correctly. Note the URL that you used here, or download the .xml file.

Provide the metadata document endpoint URL or the federationmetadata.xml to your Jibility Administrator. This file will provide Jibility with the information it needs to connect to your ADFS SSO configuration.

Related Article

Did this answer your question?