In order to make use of SSO with Aiwyn’s Firm Portal, there are a few steps that must be completed:
- Configure a “Relying Party Trust” for Aiwyn’s Firm Portal
- Provide Federation Service details (Entity ID, SSO/Identity URL) via secure document to support@aiwyn.ai (please include your Firm Name in the email subject)
- Obtain token-signing certificate and provide to Aiwyn
Relying Party Trust
Aiwyn’s Firm Portal must be configured as a “Relying Party Trust” within Active Directory Federation Services (AD FS).
Open AD FS Manager and complete the following steps.
1. Select "Add Relying Party Trust..."
2. Select "Claims aware" and click Start button
3. Select "Enter data about the relying party manually" and click Next button
4. Name your new Relying Party Trust "Aiwyn - SAML" or something similar and click Next button
5. Skip "Configure Certificate"
6. Enter the following for the "Relying Party SAML 2.0 SSO service URL": https://an-prd.firebaseapp.com/__/auth/handler and click Next button
7. Add "Aiwynai" to the "Relying party trust identifiers" and click Next button
8. Choose the appropriate Access Control Policy and click Next button
9. Additional configuration is required for other permit options
10. Skip "Ready to Add Trust"
11. Close the "Add Relying Party Trust Wizard" leaving the "Configure claims issuance policy for this application" selected.
12. Add "Issuance Transform Rules"
13. Select "Send LDAP Attributes as Claims" and click Next button
14. Name your "Claim Rule": "Aiwyn Claim Rule"
15. Select "Active Directory"
16. Add the following LDAP Attributes and Outgoing Claim Types
| LDAP Attribute | Outgoing Claim Type |
| --- | --- |
| E-mail Addresses | E-mail Address |
| SAM-Account-Name | Name ID |
| Token-Groups - Qualified by Domain | Group |
| Given-Name | Given Name |
| Surname | Surname |
Obtain Token-Signing Certificate
1. Within AD FS Manager, navigate to Services > Certificates
2. Here you will find the Token-signing certificate for your AD FS server that is used to authenticate your Security Assertion Markup Language (SAML) connection from the Web Help Desk
3. Click the Token-signing certificate
4. In the Actions section, select "View Certificate"
5. Click the Details tab, click "Copy to File" then select Next button
6. Select Base-64 encoded X.509 (.CER), and select Next button
7. Click "Browse", select a location, enter a file name, then select Save button
8. Entering a new file name will not impact the setup.
9. Select Next button, then select Finish button
10. Open the file in Notepad or some other text editor, and copy the entire contents
11. Provide the following to your Aiwyn Implementation Manager in your secure IT checklist.
- Entity ID
- SSO/Identity URL
- Token-signing certificate
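
Before sending the three items, the finished configuration can be checked from PowerShell on the AD FS server. The script below is an added example, not Aiwyn's or Microsoft's own; it is read-only and assumes the trust name from step 4, a hypothetical export path, and the standard `/adfs/ls/` sign-on endpoint.

```powershell
# Added example: read-only audit, run in an elevated session on the AD FS server.
param(
    [string]$TrustName = 'Aiwyn - SAML',                    # name chosen in step 4
    [string]$CerPath   = 'C:\Temp\adfs-token-signing.cer'   # assumed export location
)
$expectedAcs   = 'https://an-prd.firebaseapp.com/__/auth/handler'
$expectedId    = 'Aiwynai'
$expectedTypes = @(   # claim-type URIs behind the table's "Outgoing Claim Type" names
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
    'http://schemas.xmlsoap.org/claims/Group',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
    'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'
)
$problems = @()

# 1. Relying party trust: identifier, SSO service URL, issued claims.
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rp) { throw "Relying party trust '$TrustName' not found." }
if ($rp.Identifier -notcontains $expectedId) { $problems += "Identifier '$expectedId' is missing" }
$acs = @($rp.SamlEndpoints | ForEach-Object { [string]$_.Location })
if ($acs -notcontains $expectedAcs) { $problems += "SSO service URL is not $expectedAcs" }
foreach ($t in $expectedTypes) {
    if ($rp.IssuanceTransformRules -notlike "*$t*") { $problems += "Claim rule does not issue $t" }
}

# 2. Exported file: must be the primary token-signing certificate, public part only.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
$primary  = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
if ($exported.Thumbprint -ne $primary.Thumbprint) {
    $problems += 'Exported file is not the primary token-signing certificate'
}
if ((Get-Content -Path $CerPath -Raw) -match 'PRIVATE KEY') {
    $problems += 'Export contains private key material; do not send it'
}
if ($exported.NotAfter -lt (Get-Date).AddDays(30)) {   # 30-day window is an arbitrary choice
    $problems += "Certificate expires $($exported.NotAfter.ToString('u'))"
}

# 3. Values to hand over, plus anything that failed above.
[pscustomobject]@{
    EntityId       = (Get-AdfsProperties).Identifier
    SsoUrl         = (Get-AdfsEndpoint -AddressPath '/adfs/ls/').FullUrl
    CertThumbprint = $exported.Thumbprint
    CertNotAfter   = $exported.NotAfter
    Problems       = $problems
}
```

An empty `Problems` list means the trust matches the values on this page and the exported file is the certificate AD FS currently signs with. Sending the thumbprint alongside the certificate lets the recipient confirm the file was not altered in transit.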