SwiftComply

Overview: Standard steps for setting up single sign-on access to SwiftComply Backflow via ADFS

What SwiftComply needs from the water organization

- E.g.,<a href="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000" rel="nofollow noopener noreferrer" target="_blank"> https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000</a>

- The federation metadata URL
- - E.g.,<a href="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000" rel="nofollow noopener noreferrer" target="_blank"> https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000</a>

Steps the water organization needs to take

Part 1: ADFS - Relying Party Trusts

On the ADFS Server, navigate to Relying Party Trusts.

Click Add Relying Party Trust from the Actions sidebar. Ensure Claims Aware is selected.

- On the ADFS Server, navigate to Relying Party Trusts.
- Click Add Relying Party Trust from the Actions sidebar. Ensure Claims Aware is selected.

On the Select Data Source screen, select the first option and copy your organization's SwiftComply Backflow URL into the Federation metadata address field. This will follow the following format:<a href="https://host.c3swift.com/saml/auth" rel="nofollow noopener noreferrer" target="_blank"> https://HOST.c3swift.com/saml/auth</a>. A member of the SwiftComply team will provide you with the hostname, but please note that it cannot be tested until your production environment is live.

- On the Select Data Source screen, select the first option and copy your organization's SwiftComply Backflow URL into the Federation metadata address field. This will follow the following format:<a href="https://host.c3swift.com/saml/auth" rel="nofollow noopener noreferrer" target="_blank"> https://HOST.c3swift.com/saml/auth</a>. A member of the SwiftComply team will provide you with the hostname, but please note that it cannot be tested until your production environment is live.
 
 Screen_Shot_2021-08-18_at_2.34.11_PM.png

Select Next, Next, Next, and Close (if you need to set anything else here that's up to you).

The Claims issuance policy should open next; if not, click Edit Claim Issuance Policy. (Instructions continued below)

- Select Next, Next, Next, and Close (if you need to set anything else here that's up to you).
- The Claims issuance policy should open next; if not, click Edit Claim Issuance Policy. (Instructions continued below)

Part 2: ADFS - Creating Claim Rules

Select Send LDAP Attributes as Claims, then click Next.

- Select Add Rule.
- Select Send LDAP Attributes as Claims, then click Next.
 
 Screen_Shot_2021-08-18_at_2.34.20_PM.png

Create the Claim rule name (up to you).

Select Active Directory as your attribute store, and:

- From the LDAP Attribute column, select E-Mail Addresses.
- From the Outgoing Claim Type, select E-Mail Address.
 
 Screen_Shot_2021-08-18_at_2.34.25_PM.png

- Create the Claim rule name (up to you).
- Select Active Directory as your attribute store, and:
- - From the LDAP Attribute column, select E-Mail Addresses.
 - From the Outgoing Claim Type, select E-Mail Address.
 
 Screen_Shot_2021-08-18_at_2.34.25_PM.png
- Click OK to save the rule.