Follow the steps here to implement the trust between the enterprise ADFS 3.0 server running on Windows 2012 R2 and Bynder.
- Click to open the Server Manager Dashboard.
- Go to Tools > ADFS Management.
- Click Add Relying Party Trust... to open a wizard.
- Click Start.
- In the Select Data Source window, select Import data about the relying party published online or on a local network.
- In the Federation metadata address (host name or URL), enter https://[Your-Bynder-URL]/sso/saml/metadata/.
- Specify a display name for the trust.
- In the Configure Multi-factor Authentication Now window, select I do not want to configure multi-factor authentication settings for this relying party trust at this time.
- Select to Permit all users to access this relying party.
- Select to open the Edit Claim Rules window.
- In the Edit Claim Rules for Bynder window, click Add Rule....
- Select Send LDAP Attributes as Claims from the Claim rule template drop-down list.
- Configure the Get email from AD claim rule to look like the following and click Finish.
- Add another rule. This time select Transform an Incoming Claim from the Claim rule template drop-down list.
- Configure the Transform email to NameID rule to look like the following and click Finish.
- Create the third rule. Select Send LDAP Attributes as Claims from the Claim rule template drop-down list.
- Configure the Send user details rule to look like the following.
If you want to map group permissions, you need to add two rules to your basic setting.
- Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template drop-down list.
- In the Configure Claim Rule window, enter the following rule:
  c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);
- Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template drop-down list.
- In the Configure Claim Rule window, enter the following rule:
  c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)bynder"] => issue(claim = c);
Note
In this example, only the bynder groups are sent. The pattern (?i)bynder is case-insensitive and unanchored, so it matches any group name that contains bynder anywhere, not only names that start with it. You can modify this as you need.
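To see what the two custom rules actually release, here is an added Python simulation of them (not code from the page, from Bynder or from Microsoft). It assumes a constructed memberOf table standing in for the Active Directory attribute store, runs the add rule and the issue rule in order, and shows the effect of the unanchored (?i)bynder pattern next to an anchored one.

```python
import re

# Claim type URIs used by the two custom rules on this page.
WINDOWS_ACCOUNT = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
GROUP = "http://schemas.xmlsoap.org/claims/Group"
AD_AUTHORITY = "AD AUTHORITY"

# Constructed stand-in for the "Active Directory" attribute store
# (the memberOf attribute of two sample accounts); not real directory data.
AD_MEMBER_OF = {
    "CORP\\alice": ["Bynder-Editors", "Finance", "NotBynderAdmins"],
    "CORP\\bob": ["Finance", "bynder_viewers"],
}


def rule_add_groups(claims):
    """Rule 1: for every windowsaccountname claim issued by AD AUTHORITY, look up
    ';memberOf;{0}' in the AD store and add one Group claim per group.
    add() only extends the input claim set; nothing is issued yet."""
    added = []
    for ctype, issuer, value in claims:
        if ctype == WINDOWS_ACCOUNT and issuer == AD_AUTHORITY:
            for group in AD_MEMBER_OF.get(value, []):
                added.append((GROUP, AD_AUTHORITY, group))
    return claims + added


def rule_issue_matching_groups(claims, pattern):
    """Rule 2: issue every Group claim whose value matches the regex.
    The ADFS '=~' operator is an unanchored .NET regex match, so re.search() mirrors it."""
    regex = re.compile(pattern)
    return [c for c in claims if c[0] == GROUP and regex.search(c[2])]


def groups_sent_to_bynder(account, pattern="(?i)bynder"):
    """Run the two rules in order for one sign-in and return the group values
    that would end up in the SAML assertion."""
    input_claims = [(WINDOWS_ACCOUNT, AD_AUTHORITY, account)]
    claims = rule_add_groups(input_claims)
    return [value for _, _, value in rule_issue_matching_groups(claims, pattern)]


if __name__ == "__main__":
    for account in AD_MEMBER_OF:
        print(account, "unanchored:", groups_sent_to_bynder(account))
        # '(?i)^bynder' keeps the case-insensitive flag but only matches names that
        # start with bynder (Python rejects the flag when placed after '^').
        print(account, "anchored:  ", groups_sent_to_bynder(account, "(?i)^bynder"))
```

With the page's pattern, alice's NotBynderAdmins group is released as well; anchoring the pattern limits the claim to groups whose name starts with bynder.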