Access: Admin Only

Overview: A look at how to set up Single Sign On (SSO) via SAML 2.0 (Security Assertion Markup Language).

To configure SAML settings for SSO, you need an identity provider that supports SAML 2.0, such as Active Directory. Active Directory Federation Services (ADFS) is a service developed by Microsoft to provide users with single sign on access to systems and applications.

Open ADFS and navigate to Service > Certificates.

Right-click the Token-signing certificate and choose View certificate.

On the 'Details' tab, click Copy File to open the Export Wizard and export the certificate.

To obtain the sha256 fingerprint from the certificate, run the following using OpenSSL:

openssl x509 -noout -fingerprint -sha256 -inform pem -in signing.cert

Copy the fingerprint.

Open SwiftComply FOG. Click cog icon in the top right to access Settings.

On the menu on the left, click Team.

Click the Single Sign On tab.

Check the 'Enabled' box.

Set the 'SSO target URL' to https://YOURDOMAIN/adfs/ls (or your SAML URL).

Paste the fingerprint from the first step into the 'Certificate fingerprint' field.

Click Save.

The connection is defined using a relying party trust.

On the ADFS Server, navigate to Relying Party Trusts.

Click Add Relying Party Trust from the Actions sidebar.

Ensure Claims Aware is selected.

In the 'Select Data Source' screen, select the first option and copy the audience URL from City2 into the 'Federation metadata address' field.

Select Next, Next, Next, and Close (if you need to set anything else here that's up to you).

The Claims issuance policy should open next, if not click Edit Claim Issuance Policy.

Select Add Rule.

Select Send LDAP Attributes as Claims.

Create the 'Claim rule name' (up to you).

Select Active Directory as your attribute store, and:

Click OK to save the rule, and again to finish creating rules.