Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »


 TABLE OF CONTENTS

AD FS will be used in combination with a SAML federation in that version. Prefer a OIDC federation in newer versions.

Prerequisites

  1. The Server has to be part of the target Active Directory Domain

  2. The Server Role “Active Directory Federation Services” has to be installed and configured on the server.

  3. The three parts “Install a server SSL certificate”, “Install the AD FS server role” and “Configure the federation server” under Step 2 of the Microsoft documentation are quite helpful.

There is no further Configuration needed in AD FS to enable SAML authentication.

To successfully create a SAML federation between AD FS and Okta there are a few fields that are required by our Okta solution. The AD FS has to provide email-address, first name and last name as well as an email-address as NameID.

Configuration in AD FS:

The steps might change with regards to the version and server version. They might also change with respect to the specific fields that are available in the actual AD FS instance.

Step 1: Create a Relying Party Trust

On the second step of the configuration wizard, the information can and should be imported via a metadata.xml file provided by Okta. This contains all information needed to complete the wizard.

Step 2: Create Claim Rules

All claim rules for the formerly created Party Trust can be found here:

New rules can be created by clicking on “Add Rule…”:

The following three rules have to be created:

Attribute claims from AD

Pass E-Mail Claims

Email to NameID

Step 3: Check the order of the claim rules (important!)

  • No labels