Follow the steps below to set up the trust between an enterprise ADFS 3.0 server running on Windows 2012 R2 and Bynder.
You need a working ADFS to perform the task. For more information on ADFS implementation, see Implementing Your ADFS Design Plan.
- Click to open the Server Manager Dashboard.
- Go to Tools > ADFS Management.
- Click Add Relying Party Trust... to open a wizard.
- Click Start.
- In the Select Data Source window, select Import data about the relying party published online or on a local network.
- In the Federation metadata address (host name or URL), enter https://[Your-Bynder-URL]/sso/saml/metadata/.
- Specify a display name for the trust.
- In the Configure Multi-factor Authentication Now window, select I do not want to configure multi-factor authentication settings for this relying party trust at this time.
- Select Permit all users to access this relying party.
- Select to open the Edit Claim Rules window.
- In the Edit Claim Rules for Bynder window, click Add Rule....
- Select Send LDAP Attributes as Claims from the Claim rule template drop-down list.
- Configure the Get email from AD claim rule to look like the following and click Finish.
- Add another rule. Now select Transform an Incoming Claim from the Claim rule template drop-down list.
- Configure the Transform email to NameID rule to look like the following and click Finish.
- Create the third rule. Now select Send LDAP Attributes as Claims from the Claim rule template drop-down list.
- Configure the Send user details rule to look like the following.
If you want to map group permissions, you need to add two rules to your basic setting.
- Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template drop-down list.
- In the Configure Claim Rule window, enter the following rule:
  c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);
- Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template drop-down list.
- In the Configure Claim Rule window, enter the following rule:
  c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)bynder"] => issue(claim = c);
Note: In this example, only the groups that start with bynder are sent. You can modify this as you need.
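The filter in the second custom rule can be checked against sample group values before the trust goes live. The following is an added example, not part of the original article and not Bynder's or Microsoft's code: it uses Python's `re.search` as a stand-in for the unanchored `=~` match, and the group DNs and the anchored comparison pattern are constructed assumptions.

```python
import re

# The filter from the second custom rule on this page, and a stricter variant
# (an assumption added for comparison) anchored to the leading CN component.
PAGE_PATTERN = r"(?i)bynder"
ANCHORED_PATTERN = r"(?i)^CN=bynder[^,]*,"

# Constructed memberOf values (distinguished names); not from a real directory.
SAMPLE_MEMBER_OF = [
    "CN=bynder-admins,OU=Groups,DC=example,DC=com",
    "CN=Bynder Editors,OU=Groups,DC=example,DC=com",
    "CN=Domain Admins,OU=Bynder,DC=example,DC=com",
    "CN=legacy-notbynder,OU=Groups,DC=example,DC=com",
    "CN=Finance,OU=Groups,DC=example,DC=com",
]


def released_groups(pattern, member_of):
    """Return the values an `=~` filter would issue as Group claims.

    `=~` succeeds when the regex matches anywhere in the value, which is
    what re.search does; Python's re stands in for the .NET engine here.
    """
    rx = re.compile(pattern)
    return [dn for dn in member_of if rx.search(dn)]


def over_released(member_of):
    """Groups the page's filter sends that the anchored variant would not."""
    strict = set(released_groups(ANCHORED_PATTERN, member_of))
    loose = released_groups(PAGE_PATTERN, member_of)
    return [dn for dn in loose if dn not in strict]


if __name__ == "__main__":
    for dn in released_groups(PAGE_PATTERN, SAMPLE_MEMBER_OF):
        print("page filter    :", dn)
    for dn in over_released(SAMPLE_MEMBER_OF):
        print("only unanchored:", dn)
```

The `memberOf` query in the first custom rule yields distinguished names, so a pattern meant to select groups by name has to account for the `CN=` prefix and the OU components that follow it.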