Set up a SAML SSO for ADFS 2.0


In this article, we focus on how to configure SSO with ADFS 2.0 (Microsoft Active Directory Federation Services).

To enable SSO for your 360Learning space, first contact your Solution Architect (SA). They will guide you through the entire integration process and give you the federation file required to configure your ADFS.

Relying Party Trust Configuration

  1. In your ADFS, select the Add Relying Party Trust option located under Trust Relationships / Relying Party Trusts in the left panel.
  2. Click Start and import your federation file (the XML file you received from your Solution Architect) using the option Import data about the relying party from a file.
  3. Click Next, and provide a Display Name (for example: 360Learning).
  4. Click Next and select Permit all users to access the relying party in the Choose Issuance Authorization Rules panel.
  5. Finish the configuration.

Certificate

  1. In the left panel, under Services / Certificates, right-click on the Token-signing Certificate and select View Certificate…
  2. In the Certificate window, open the Details tab and click Copy to File.
  3. In the Export pop-up, click Next and select DER encoded base64 X.509 (.cer) format.
  4. Click Next and select where you want to save the certificate on your disk (you will need it later).

Claim Rules Configuration

  1. From the left panel, go to Trust Relationships / Relying Party Trusts and right-click on the 360Learning relying party trust (the one you created during the first step).
  2. Select Edit Claim Rules…
  3. Add Rules using the Send LDAP Attributes as Claims template.
  4. Set a name for the rule, select the Active Directory option and create the following mapping:
    • LDAP Attribute: E-Mail-Addresses / Outgoing Claim Type: emailaddress
    • LDAP Attribute: Given-Name / Outgoing Claim Type: givenname
    • LDAP Attribute: Surname / Outgoing Claim Type: surname
  5. Finish the configuration of this rule.
  6. Add another rule. This time, select the Transform an incoming Claim option and click Next.
  7. Set a name for the rule (Email to NameID). Set the parameters:
    • Incoming claim type: E-Mail Address
    • Outgoing claim type: Name ID
    • Outgoing name ID format: Email
    • Finish the configuration of this rule.
  8. Send the certificate, along with the URL of your login portal, to your Solution Architect (for example: https://fs.mycompany.com/adfs/ls).
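
The two claim rules above can also be written in the AD FS claim rule language and applied from PowerShell, which makes the configuration reviewable and repeatable. This is an added example, not 360Learning's own code; it assumes the relying party trust display name is 360Learning and that the AD FS 2.0 PowerShell snap-in is installed on the federation server.

```powershell
# Added example: scripted form of the two claim rules configured in the steps above.
# Assumption: the relying party trust was named "360Learning" when it was created.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue  # AD FS 2.0 snap-in

$rpName = '360Learning'

# Rule 1: read mail, givenName and sn from Active Directory for the signed-in account.
# Rule 2: reissue the e-mail claim as the SAML NameID with the emailAddress format.
$rules = @'
@RuleName = "LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleName = "Email to NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Fail early if the trust from the first section does not exist.
$rp = Get-ADFSRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# This replaces the trust's entire issuance transform rule set with the two rules above.
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Read the rules back and confirm every expected claim type and the NameID format are present.
$applied = (Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$expected = 'claims/emailaddress', 'claims/givenname', 'claims/surname',
            'claims/nameidentifier', 'nameid-format:emailAddress'
foreach ($needle in $expected) {
    if ($applied -notmatch [regex]::Escape($needle)) {
        Write-Warning "Missing from applied rules: $needle"
    }
}
$applied
```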

Access control with SSO

Account provisioning with first SSO login

When we configure your SSO, we can activate the user provisioning option. We will create an account on the fly on our platform for the users who successfully log in via SSO if they were previously unknown to us.

This option only creates a learner user account with Name, Surname and Email Address (nothing else) and adds it to one group only. All users are added to the same group through this option.

By default, this option is not activated.

Managing specific access to 360Learning

You can configure your ADFS to restrict access to 360Learning to specific groups of your organization.
