How to set up SSO with AD FS (Active Directory)
Written by Amy Truran
Updated over a week ago

This how-to article does not cover how to set up AD FS as an IdP. We assume you already have Active Directory set up and working with a table of users.


Add a new Relying Party Trust in AD FS

  1. Open the Add Relying Party Trust Wizard

  2. Click Start

  3. Select Enter data about the relying party manually

  4. Click Next >

  5. Enter a Display Name

  6. Click Next >

  7. Leave configuration as AD FS profile

  8. Click Next >


Create new Identity Provider in Social Pinpoint (new tab)

  1. Navigate to Manage Account (/admin/manage)

  2. Click the New Identity Provider (IdP) button in the top-right

  3. Under Certificate click Download - you will supply this certificate to AD FS

  4. Save the value for ASSERTION CONSUMER SERVICE URL for later use

  5. Save the value for ISSUER/ENTITY ID for later use


Finish setup of Relying Party Trust in AD FS

  1. Upload the certificate you obtained in the previous step by clicking Browse

  2. Click Next >

  3. Check Enable support for the SAML 2.0 WebSSO protocol

  4. In the text field, enter the value you saved for ASSERTION CONSUMER SERVICE URL

  5. Click Next >

  6. Enter the value you saved for ISSUER/ENTITY ID in the text field for Relying party trust identifier and click Add

  7. Click Next >

  8. Skip the next step - leave it as I do not want to configure multi-factor authentication settings for this relying party trust at this time and click Next >

  9. Select the appropriate setting for Choose Issuance and click Next >

  10. Double check your settings and click Next > if everything is okay

  11. Select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close


Set up Claim Rules

  1. Click Add Rule…

  2. Set Claim rule template as Send LDAP Attributes as Claims

  3. Click Next >

  4. Set Attribute store as Active Directory

  5. Create a rule that maps E-Mail-Addresses to Name ID

  6. Create a rule that maps E-Mail-Addresses to E-Mail Address

  7. Create a rule that maps Given-Name to Given Name

  8. Create a rule that maps Surname to Surname

  9. Set an optional Claim rule name if you wish

  10. Click Finish

Your Claim Rule should look like this before you finish


Finish setting up Identity Provider in Social Pinpoint

Extract the following information from AD FS:

  1. Entity ID (usually something like /adfs/services/trust)

  2. Sign On URL (usually something like /adfs/ls/)

  3. Certificate fingerprint

  4. Certificate fingerprint algorithm

Enter these values into the following fields in Social Pinpoint

  1. ENTITY ID

  2. SSO ENDPOINT

  3. CERTIFICATE FINGERPRINT

  4. CERTIFICATE FINGERPRINT ALGORITHM
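
One way to collect these four values, shown as an added example (not Social Pinpoint's or Microsoft's code): read them from a saved copy of the federation metadata document that AD FS publishes at /FederationMetadata/2007-06/FederationMetadata.xml. The function names, the adfs.example.test host and the placeholder certificate bytes are assumptions made up for the illustration; two fingerprints in the result mean AD FS is publishing both a primary and a secondary token-signing certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def fingerprint(der, algorithm="sha256"):
    """Colon-separated hex digest of the DER bytes, not of the base64/PEM text."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def idp_settings(metadata_xml, algorithm="sha256"):
    """Values for ENTITY ID, SSO ENDPOINT and CERTIFICATE FINGERPRINT."""
    root = ET.fromstring(metadata_xml)  # parse only metadata saved from your own AD FS
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = idp.find(f"md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # skip encryption-only keys
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(fingerprint(der, algorithm))
    if sso is None or not prints:
        raise ValueError("no redirect endpoint or signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "sso_endpoint": sso.get("Location"),
            "fingerprint_algorithm": algorithm, "fingerprints": prints}

# Constructed sample: placeholder host, placeholder bytes in place of DER certificates.
def key_descriptor(use, der):
    b64 = base64.b64encode(der).decode()
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>')

SAMPLE = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="http://adfs.example.test/adfs/services/trust"><IDPSSODescriptor>'
    + key_descriptor("encryption", b"constructed-encryption-cert")
    + key_descriptor("signing", b"constructed-primary-signing-cert")
    + key_descriptor("signing", b"constructed-secondary-signing-cert")
    + f'<SingleSignOnService Binding="{REDIRECT}" '
    'Location="https://adfs.example.test/adfs/ls/"/></IDPSSODescriptor></EntityDescriptor>'
)

if __name__ == "__main__":
    print(idp_settings(SAMPLE))
```

Choose sha256 unless the service provider only accepts sha1, and enter the same algorithm name in CERTIFICATE FINGERPRINT ALGORITHM that was used to compute the fingerprint.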


Set up Attribute Mapping in Social Pinpoint


Enable the Identity Provider

Once you are happy with your settings you may enable your Identity Provider inside of Social Pinpoint.

Once enabled, a Single Sign-On button should appear on the sign-in screen.
