Skip to main content
All CollectionsConfigure Your Account
How to set up SSO with AD FS (Active Directory)
How to set up SSO with AD FS (Active Directory)
Amy Truran avatar
Written by Amy Truran
Updated over a week ago

This how-to article does not cover how to set up ADFS as an IdP. We assume you already have Active Directory setup and working with a table of users


Add a new Relying Party Trust in AD FS

  1. Open the Add Relying Party Trust Wizard

  2. Click Start

  3. Select Enter data about the relying party manually

  4. Click Next >

  5. Enter a Display Name

  6. Click Next >

  7. Leave configuration as AD FS profile

  8. Click Next >


Create new Identity Provider in Social Pinpoint (new tab)

  1. Navigate to Manage Account (/admin/manage)

  2. Click the New Identity Provider (IdP) button in the top-right

  3. Under Certificate click Download - you will supply this certificate to AD FS

  4. Save the value for ASSERTION CONSUMER SERVICE URL for later use

  5. Save the value for ISSUER/ENTITY ID for later use


Finish setup of Relying Party Trust in AD FS

  1. Upload the certificate you obtained in the previous step by click Browse

  2. Click Next >

  3. Check Enable support for the SAML 2.0 WebSSO protocol

  4. In the text field, enter the value you saved for ASSERTION CONSUMER SERVICE URL

  5. Click Next >

  6. Enter the value you saved for ISSUER/ENTITY ID in the text field for Relying party trust identifier and click Add

  7. Click Next >

  8. Skip the next step - leave it as I do not want to configure multi-factor authentication settings for this relying party trust at this time and click Next >

  9. Select the appropriate setting for Choose Issuance and click Next >

  10. Double check your settings and click Next > if everything is okay

  11. Select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close


Set up Claim Rules

  1. Click Add Rule…

  2. Set Claim rule template as Send LDAP Attributes as Claims

  3. Click Next >

  4. Set Attribute store as Active Directory

  5. Create a rule that maps E-Mail-Addresses to Name ID

  6. Create a rule that maps E-Mail-Addresses to E-Mail Address

  7. Create a rule that maps Given-Name to Given Name

  8. Create a rule that maps Surname to Surname

  9. Set an optional Claim rule name if you wish

  10. Click Finish

Your Claim Rule should look like this before you finish


Finish setting up Identity Provider in Social Pinpoint

Extract the following information from AD FS:

  1. Entity ID (usually something like /adfs/services/trust)

  2. Sign On URL (usually something like /adfs/ls/)

  3. Certificate fingerprint

  4. Certificate fingerprint algorithm

Enter these values into the following fields in Social Pinpoint

  1. ENTITY ID

  2. SSO ENDPOINT

  3. CERTIFICATE FINGERPRINT

  4. CERTIFICATE FINGERPRINT ALGORITHM


Set up Attribute Mapping in Social Pinpoint


Enable the Identity Provider

Once you are happy with your settings you may enable your Identity Provider inside of Social Pinpoint.

Once enabled the a Single Sign-On button should appear on the sigh-in screen

Did this answer your question?