Setting up Single Sign-On using Active Directory with ADFS and SAML 2.0

Step 1 – Adding a Relying Party Trust

To set up the ADFS connection with AutoRABIT using a Relying Party Trust (RPT), follow the below steps:

1. Login to the ADFS Server.

2. Launch the ADFS Management Console.

3. Click on “Add Relying Party Trust…” from the Actions sidebar on the right.
4. On the Select Data Source screen, select the last option: Enter data about the relying party manually.

5. On the next screen, enter a Display name that you will recognize in the future.
6. On the next screen, select AD FS profile.

7. On the next screen, leave the defaults.

8. On the next screen, check the box labeled: Enable support for the SAML 2.0 WebSSO protocol.

9. Enter the service URL. For ex- pg.autorabit.com/saml/SSO
10. Click Next.

11. On the next screen, add a Relying party trust identifier named https://pg.autorabit.com/saml/metadata and click Add.

12. On the next screen, leave the defaults.

13. On the next screen, select: Permit all users to access this relying party.
14. On the next screens, the wizard will display an overview of your settings. Click Next.
15. On the final screen use the Close button to exit and open the Claim Rules editor.

Step 2 – Creating Claim Rules

Once the Relying Party Trust exists, you can create the claim rules and update the Relying Party Trust with minor changes that are not set by the wizard.

1. By default, the Claim Rules editor opens once you created the trust.

2. To create a new rule, click on Add Rule.

3. Select: Send LDAP Attributes as Claims rule.

4. On the next screen, using Active Directory as your attribute store, do the following:

   1. From the LDAP Attribute column, select E-Mail Addresses.

   2. From the Outgoing Claim Type, select E-Mail Address.

5. Click OK to save the new rule.

6. Create another new rule by clicking Add Rule.

7. Select: Transform an Incoming Claim as the template.
8. On the next screen:

   1. Select E-mail Address as the Incoming Claim Type.

   2. For Outgoing Claim Type, select Name ID.

   3. For Outgoing Name ID Format, select Email.

   4. Leave the rule to the default of Pass through all claim values.
9. Finally, click OK to create the claim rule, and then OK again to finish creating rules.
10. Under ADFS Management Console, navigate to Services > Endpoints and find the URL to download the metadata XML file. See the screenshot attached.

Step 3: Configuring SSO in AutoRABIT

Now that your ADFS SSO implementation is set up, you’ll need to follow just a few more steps to configure SSO in your AutoRABIT account.

1. Log in to your AutoRABIT account.

2. Hover your mouse over the Admin module and select the option: My Account

3. On the My Account page, go to the SSO Configuration section.

4. Browse for the metadata XML file that you have downloaded previously in your local machine and upload them.

5. Sign out from your AutoRABIT account.

6. Go to the AutoRABIT login page. This time you need to login via SSO, so, therefore, click on the option: Single Sign On

7. Enter the domain name and click on Go.

8. Next, you will be redirected to your custom domain URL where you need to enter the username and password to access the AutoRABIT.