Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Live Search
spaceKeyDOC
labelsSearch

...

titleTABLE OF CONTENTS

...

English | Deutsch


TABLE OF CONTENTS

Table of Contents
minLevel3
maxLevel3

AD FS will be used in combination with a SAML federation in that version. Prefer a OIDC federation in newer versions.

Prerequisites

  1. The Server has to be part of the target Active Directory Domain

  2. The Server Role “Active Directory Federation Services” has to be installed and configured on the server.

  3. The three parts “Install a server SSL certificate”, “Install the AD FS server role” and “Configure the federation server” under Step 2 of the Microsoft documentation are quite helpful.

There is no further Configuration needed in AD FS to enable SAML authentication.

To successfully create a SAML federation between AD FS and Okta there are a few fields that are required by our Okta solution. The AD FS has to provide email-address, first name and last name as well as an email-address as NameID.

Configuration in AD FS:

The steps might change with regards to the version and server version. They might also change with respect to the specific fields that are available in the actual AD FS instance.

Step 1: Create a Relying Party Trust

Image Modified

On the second step of the configuration wizard, the information can and should be imported via a metadata.xml file provided by Okta. This contains all information needed to complete the wizard.

Image Modified

Step 2: Create Claim Rules

All claim rules for the formerly created Party Trust can be found here:

Image Modified

New rules can be created by clicking on “Add Rule…”:

Image Modified

The following three rules have to be created:

Attribute claims from AD

Image Modified

Pass E-Mail Claims

Image Modified

Email to NameID

Image Modified

Step 3: Check the order of the claim rules (important!)

Image Modified