How to set up SSO with AD FS (Active Directory) | Social Pinpoint Classic Help Center

This how-to article does not cover how to set up AD FS as an IdP. We assume you already have Active Directory set up and working with a table of users.

Add a new Relying Party Trust in AD FS

  1. Open the Add Relying Party Trust Wizard

  2. Click Start

  3. Select Enter data about the relying party manually

  4. Click Next >

  5. Enter a Display Name

  6. Click Next >

  7. Leave configuration as AD FS profile

  8. Click Next >

Create new Identity Provider in Social Pinpoint (new tab)

  1. Navigate to Manage Account (/admin/manage)

  2. Click the New Identity Provider (IdP) button in the top-right

  3. Under Certificate click Download - you will supply this certificate to AD FS

  4. Save the value for ASSERTION CONSUMER SERVICE URL for later use

  5. Save the value for ISSUER/ENTITY ID for later use

Finish setup of Relying Party Trust in AD FS

  1. Upload the certificate you obtained in the previous step by clicking Browse

  2. Click Next >

  3. Check Enable support for the SAML 2.0 WebSSO protocol

  4. In the text field, enter the value you saved for ASSERTION CONSUMER SERVICE URL

  5. Click Next >

  6. Enter the value you saved for ISSUER/ENTITY ID in the text field for Relying party trust identifier and click Add

  7. Click Next >

  8. Skip the next step - leave it as I do not want to configure multi-factor authentication settings for this relying party trust at this time and click Next >

  9. Select the appropriate setting for Choose Issuance and click Next >

  10. Double check your settings and click Next > if everything is okay

  11. Select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close

Set up Claim Rules

  1. Click Add Rule…

  2. Set Claim rule template as Send LDAP Attributes as Claims

  3. Click Next >

  4. Set Attribute store as Active Directory

  5. Create a rule that maps E-Mail-Addresses to Name ID

  6. Create a rule that maps E-Mail-Addresses to E-Mail Address

  7. Create a rule that maps Given-Name to Given Name

  8. Create a rule that maps Surname to Surname

  9. Set an optional Claim rule name if you wish

  10. Click Finish

Your Claim Rule should look like this before you finish

Finish setting up Identity Provider in Social Pinpoint

Extract the following information from AD FS:

  1. Entity ID (usually something like /adfs/services/trust)

  2. Sign On URL (usually something like /adfs/ls/)

  3. Certificate fingerprint

  4. Certificate fingerprint algorithm

Enter these values into the following fields in Social Pinpoint

  1. ENTITY ID

  2. SSO ENDPOINT

  3. CERTIFICATE FINGERPRINT

  4. CERTIFICATE FINGERPRINT ALGORITHM
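
The four values above can also be read from the federation metadata document that AD FS publishes at /FederationMetadata/2007-06/FederationMetadata.xml. The following is an added example, not part of the original article or of Social Pinpoint's code; it parses that metadata and returns the values keyed by the Social Pinpoint field names. The host adfs.example.com, the sample metadata, the choice of the HTTP-Redirect binding and the colon-separated fingerprint format are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample, trimmed to the elements read below. adfs.example.com is
# made up and the certificate bodies are placeholder bytes, not real DER.
SIGNING_DER, ENCRYPTION_DER = b"constructed signing cert", b"constructed encryption cert"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="http://adfs.example.com/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{base64.b64encode(ENCRYPTION_DER).decode()}</X509Certificate>
  </X509Data></KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{base64.b64encode(SIGNING_DER).decode()}</X509Certificate>
  </X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{REDIRECT}"
      Location="https://adfs.example.com/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_settings(metadata_xml, algorithm="sha256"):
    """Return the four IdP values keyed by the Social Pinpoint field names."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # Only the signing key verifies assertions; the encryption certificate
    # published alongside it must not be the one that gets pinned.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS)
             for c in kd.findall(".//ds:X509Certificate", NS)]
    if len(certs) != 1:  # e.g. two during a rollover: choose deliberately
        raise ValueError(f"expected 1 signing certificate, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()))
    fingerprint = hashlib.new(algorithm, der).digest().hex(":").upper()
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {
        "ENTITY ID": root.get("entityID"),
        "SSO ENDPOINT": sso[REDIRECT],  # assumption: HTTP-Redirect binding
        # assumption: colon-separated upper-case hex is an accepted format
        "CERTIFICATE FINGERPRINT": fingerprint,
        "CERTIFICATE FINGERPRINT ALGORITHM": algorithm,
    }
```

Fetch the metadata over HTTPS from your own AD FS host, and compare the resulting fingerprint with the token-signing certificate shown in the AD FS management console before saving it.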

Set up Attribute Mapping in Social Pinpoint

  1. Set Email field to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  2. Set First Name field to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

  3. Set Last Name field to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

  4. Click Save

Enable the Identity Provider

Once you are happy with your settings you may enable your Identity Provider inside of Social Pinpoint.

Once enabled, a Single Sign-On button should appear on the sign-in screen.