Bynder Support

Implement a trust between Enterprise ADFS 3.0 on Windows Server 2012 R2 and Bynder

Follow the steps below to implement the trust between an enterprise ADFS 3.0 server running on Windows Server 2012 R2 and Bynder.

You need a working ADFS to perform the task. For more information on ADFS implementation, see https://technet.microsoft.com/nl-nl/library/cc782250(v=ws.10).aspx.

Configure basic rules

    1. Open the Server Manager Dashboard.
    2. Go to Tools > ADFS Management.
    3. Click Add Relying Party Trust... to open a wizard.
    4. Click Start.

    5. In the Select Data Source window, select Import data about the relying party published online or on a local network.
    6. In the Federation metadata address (host name or URL), enter https://[Your-Bynder-URL]/sso/saml/metadata/.
    7. Specify a display name for the trust.
    8. In the Configure Multi-factor Authentication Now window, select I do not want to configure multi-factor authentication settings for this relying party trust at this time.
    9. Select Permit all users to access this relying party.
    10. Select the option to open the Edit Claim Rules window.
    11. In the Edit Claim Rules for Bynder window, click Add Rule...
    12. Select Send LDAP Attributes as Claims from the Claim rule template dropdown list.

    13. Configure the Get email from AD claim rule to look like the following and click Finish.
    14. Add another rule. Now select Transform an Incoming Claim from the Claim rule template dropdown list.
    15. Configure the Transform email to NameID rule to look like the following and click Finish.
    16. Create the third rule. Now select Send LDAP Attributes as Claims from the Claim rule template dropdown list.
    17. Configure the Send user details rule to look like the following.

Results

Your set of rules should look like this:

Configure rules to pass Group permissions in ADFS to Bynder

If you want to map group permissions, you need to add two rules to your basic settings.

  1. Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template dropdown list. 

  2. In the Configure Claim Rule window, enter the following rule:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);

  3. Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template dropdown list. 

  4. In the Configure Claim Rule window, enter the following rule:

    c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)bynder"] => issue(claim = c);

Note: In this example, only the groups that start with bynder are sent. You can modify this as you need.
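
To see which groups the filter in the second custom rule would release before relying on it for permission mapping, the following PowerShell example (added here, not part of the original article) runs the rule's pattern over constructed memberOf values using .NET regex matching. The group, OU and domain names and the anchored alternative pattern are assumptions for illustration.

```powershell
# Constructed sample data: memberOf values in the form AD stores them
# (distinguished names). All group, OU and domain names are made up.
$memberOf = @(
    'CN=bynder-admins,OU=Groups,DC=example,DC=com',
    'CN=Bynder_Editors,OU=Groups,DC=example,DC=com',
    'CN=Finance,OU=Bynder,OU=Groups,DC=example,DC=com',
    'CN=not-bynder-contractors,OU=Groups,DC=example,DC=com',
    'CN=Domain Users,CN=Users,DC=example,DC=com'
)

# Pattern copied from the second custom rule on this page.
$pagePattern = '(?i)bynder'

# Assumption (not from the page): a stricter alternative that only accepts
# a group whose common name begins with "bynder".
$anchoredPattern = '(?i)^CN=bynder'

function Test-GroupFilter {
    # Returns one object per group value, flagging whether the pattern
    # would let the claim through (Issued = $true) or drop it.
    param(
        [string[]]$Values,
        [string]$Pattern
    )
    foreach ($value in $Values) {
        [pscustomobject]@{
            Issued = [regex]::IsMatch($value, $Pattern)
            Group  = $value
        }
    }
}

"Pattern from the page: $pagePattern"
Test-GroupFilter -Values $memberOf -Pattern $pagePattern |
    Format-Table -AutoSize

"Anchored alternative: $anchoredPattern"
Test-GroupFilter -Values $memberOf -Pattern $anchoredPattern |
    Format-Table -AutoSize
```

An unanchored pattern matches bynder anywhere in the distinguished name, including an OU component, so compare the two tables before deciding which groups Bynder should receive.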

Result

Your settings screen should look like this.

 
