Configuring AD FS 2.0 for Salsify SSO 

There are three main steps to setting up AD FS 2.0. Full details on each step follow below.

  1. Add a new Relying Party Trust
  2. Create the Claim Rules
  3. Adjust the Trust Settings

Add a new Relying Party Trust

  1. In AD FS, select the Relying Party Trusts folder, then select Add Relying Party Trust from the Actions menu.
  2. In the Select Data Source screen, choose Enter data about the relying party manually.

  3. Add a display name and, optionally, notes.
  4. Select AD FS 2.0 Profile.

  5. Leave the certificate settings at their default.
  6. Select Enable support for the SAML 2.0 WebSSO protocol and then enter the callback URL that was provided to you by Salsify.

  7. Add as a relying party trust identifier.
  8. Permit all users to access this relying party.
  9. Select Next through to the Finish screen, then select the Close button to exit and open the Claim Rules editor.

Create the Claim Rules

  1. Within the Issuance Transform Rules, select Add Rule...
  2. For the rule template, select Send LDAP Attributes as Claims and map the email address to the Name ID, and the full name to Name.

  3. Click OK and then add a new rule by clicking Add Rule...
  4. For the rule template, select Transform an Incoming Claim. Set the Incoming claim type to E-mail Address, the Outgoing claim type to Name ID, and the Outgoing name ID format to Email.

Adjust the Trust Settings

  1. Select the relying party trust, open the Advanced tab, and ensure the Secure hash algorithm is SHA-1.
  2. Note that Salsify does not currently support a logout endpoint.
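
To confirm the claim rules and trust settings took effect, decode the SAML response from a test sign-in and inspect the assertion. The following is an added example, not part of Salsify's or Microsoft's instructions: it checks for a Name ID in e-mail format, the Name claim, and an RSA-SHA1 signature method. The function names and the sample assertion are constructed for illustration, and it assumes the signature sits on the assertion itself.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

def check_assertion(xml_text):
    """Return the ways a decoded assertion differs from the settings above.
    Inspects structure only; it does not verify the signature."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["document declares a DTD; refusing to parse"]
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a full samlp:Response wrapping one.
    assertion = (root if root.tag == "{%s}Assertion" % NS["saml"]
                 else root.find(".//saml:Assertion", NS))
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is %s" % name_id.get("Format"))
        if "@" not in name_id.text:
            problems.append("NameID value is not an e-mail address")
    attrs = assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    if not any(a.get("Name") == NAME_CLAIM for a in attrs):
        problems.append("Name claim missing")
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("assertion carries no signature")
    elif method.get("Algorithm") != RSA_SHA1:
        problems.append("SignatureMethod is %s" % method.get("Algorithm"))
    return problems

def sample_assertion(name_id_format=EMAIL_FORMAT, algorithm=RSA_SHA1):
    """Constructed sample (not captured from a real AD FS server)."""
    return ('<saml:Assertion xmlns:saml="%s" xmlns:ds="%s">'
            '<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
            '</ds:SignedInfo></ds:Signature>'
            '<saml:Subject><saml:NameID Format="%s">jane@example.com'
            '</saml:NameID></saml:Subject><saml:AttributeStatement>'
            '<saml:Attribute Name="%s"><saml:AttributeValue>Jane Doe'
            '</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>'
            '</saml:Assertion>') % (NS["saml"], NS["ds"], algorithm,
                                    name_id_format, NAME_CLAIM)
```

An empty list from `check_assertion` means the assertion matches the configuration described above; any entry names the setting to revisit.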