Skip to main content

Knowledge Base

  • Knowledge Base
  • System
  • Implement a trust between Enterprise ADFS 3.0 on Windows Server 2012R2

Implement a trust between Enterprise ADFS 3.0 on Windows Server 2012R2

Follow the steps below to implement the trust between enterprise ADFS 3.0 server running on Windows 2012 R2 and Bynder.

You need a working ADFS to perform the task. For more information on ADFS implementation, see Implementing Your ADFS Design Plan.

Configure basic rules

  1. Click Screen Shot 2016-09-28 at 10.51.15.png to open the Server Manager Dashboard.

  2. Go to Tools > ADFS Management.

    Screen Shot 2016-09-28 at 10.40.34.png

  3. Click Add Relying Party Trust... to open a wizard.

    Screen_Shot_2016-09-28_at_10_54_11.png

  4. Click Start.

  5. In the Select Data Source window, select Import data about the relying party published online or on a local network.

  6. In the Federation metadata address (host name or URL), enter https://[Your-Bynder-URL]/sso/saml/metadata/.

  7. Specify a display name for the trust.

    Screen Shot 2016-10-06 at 14.44.06.png

  8. In the Configure Multi-factor Authentication Now window, select I do not want to configure multi-factor authentication settings for this relying party trust at this time.

  9. Select to Permit all users to access this relying party.

  10. Select to open the Edit Claim Rules window.

    Screen Shot 2016-09-28 at 13.19.04.png

  11. In the Edit Claim Rules for Bynder window, click Add Rule....

  12. Select Send LDAP Attributes as Claims from the Claim rule template drop-down list.

    Screen Shot 2016-09-28 at 13.23.12.png

  13. Configure the Get email from AD claim rule to look the following and click Finish.

    Screen Shot 2016-09-28 at 13.26.40.png

  14. Add another rule. Now select Transform an Incoming Claim from the Claim rule template drop-down list.

  15. Configure Transform email to NameID rule to look the following and click Finish.

    Screen Shot 2016-09-28 at 13.50.45.png

  16. Create the third rule. Now select Send LDAP Attributes as Claims from the Claim rule template drop-down list.

  17. Configure the Send user details rule to look the following.

    Screen Shot 2016-09-28 at 14.38.36.png

Results

Your set of rules should look in the following way:

Screen_Shot_2016-09-28_at_14_36_01.png

Configure rules to pass Group permissions in ADFS to Bynder

If you want to map group permissions, you need to add two rules to your basic setting.

Add group rules

  1. Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template drop-down list.

    Screen Shot 2016-10-06 at 15.42.42.png

  2. In the Configure Claim Rule window, enter the following rule:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";memberOf;{0}", param = c.Value);

    Screen Shot 2016-10-06 at 15.42.49.png

  3. Click to add a new rule and select Send Claims Using a Custom Rule from the Claim rule template drop-down list.

    Screen Shot 2016-10-06 at 15.43.00.png

  4. In the Configure Claim Rule window, enter the following rule:

    c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value =~ "(?i)bynder"] => issue(claim = c);

    Screen Shot 2016-09-28 at 15.04.21.png

    Note

    In this example, only the groups that start with bynder are sent. You can modify this as you need.

Results

Your setting screen should look in the following way:

Screen Shot 2016-10-06 at 15.58.10.png

Learn more

In this section: