Access: IT Departments

Overview: Standard steps for setting up single sign-on access to SwiftComply Backflow via ADFS

What SwiftComply needs from the water organization

• The federation metadata URL
• E.g., https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000

Steps the water organization needs to take

Part 1: ADFS - Relying Party Trusts

• On the ADFS Server, navigate to Relying Party Trusts.
• Click Add Relying Party Trust from the Actions sidebar. Ensure Claims Aware is selected.

• On the Select Data Source screen, select the first option and copy your organization's SwiftComply Backflow URL into the Federation metadata address field. This will follow the following format: https://HOST.c3swift.com/saml/auth. A member of the SwiftComply team will provide you with the hostname, but please note that it cannot be tested until your production environment is live.

• Select Next, Next, Next, and Close (if you need to set anything else here that's up to you).
• The Claims issuance policy should open next; if not, click Edit Claim Issuance Policy. (Instructions continued below)

Part 2: ADFS - Creating Claim Rules

• Select Add Rule.
• Select Send LDAP Attributes as Claims, then click Next.

• Create the Claim rule name (up to you).
• Select Active Directory as your attribute store, and:
• From the LDAP Attribute column, select E-Mail Addresses.
• From the Outgoing Claim Type, select E-Mail Address.
• Click OK to save the rule.