ADFS SAML Configuration - SAML SAML2

This feature is available for accounts with the LDAP option. Please contact eBackpack if you are interested in adding this capability.

This feature is currently available for web login, will be available for iOS login in late May, and Android/Windows app (non-browser) login at a later time.

 

If you want to use Active Directory Federation Services (ADFS) SAML SSO for account-wide eBackpack authentication, you may do so with the following steps. This process takes four primary steps:

1) Inform your eBackpack Account Manager that you want to set this up so that they may provide the required, account-specific details.

2) Configure ADFS with the provided details.

3) Notify your eBackpack Account Manager when this has been completed and provide them with your ADFS Metadata URL (the public DNS name for your ADFS server that is available through your firewall).

4) eBackpack will finalize the configuration and notify you when it is complete.

 

The detailed procedure for step 2 is as follows:

Note: These steps are based on a default ADFS installation and configuration. You may need to adapt them for any customizations you have implemented.

  1. Log in to ADFS as an Admin

  2. Launch "ADFS Management Tool"

  3. Expand "Trust Relationships"

  4. Right Click on "Relying Party Trusts"

  5. Select "Add Relying Party Trust" which will start a configuration wizard with the following pages.

    1. Welcome Screen

      1. Click "Start"

    2. Select Data Source Screen

      1. Select "Import Data about relying party published online or on a local network"

      2. Enter Metadata URL provided by your eBackpack Account Manager

      3. Click "Next"

    3. Display Name Screen

      1. Enter "eBackpack"

      2. Click "Next"

    4. Configure Multi Factor Authentication Screen

      1. These steps assume this is left as the default "Not Configured". If you choose to configure Multi Factor Authentication, additional custom steps may be required for your configuration.

      2. Click "Next"
    5. Choose Issuance Authorization Rules Screen

      1. Select "Permit all users to access this relying party."

      2. Click "Next"

    6. Finish Screen

      1. Check "Open Edit Claims Rules Dialog"

      2. Click "Close"

  6. The "Edit Claims Rules Dialog" will open.

  7. Select "Issuance Transform Rules" tab

    1. Click "Add Rule"
    2. Set "Claim Rule Template" to "Send LDAP Attributes as Claims"
    3. Click "Next"
    4. Set "Claim rule name" to "Send user name"
    5. Set "Attribute Store" to "Active Directory"
    6. Set "LDAP Attribute" to "SAM-Account-Name"
    7. Set "Outgoing Claim" to "Name ID"
    8. Click "Finish"
  8. Click "OK" to exit the dialog.
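
The wizard steps above can also be applied from PowerShell on the ADFS server. The following is an added example, not eBackpack's own code; it assumes a default ADFS installation with the ADFS PowerShell module, and the metadata URL shown is a placeholder for the value provided by your eBackpack Account Manager.

```powershell
# Added example: scripted equivalent of the "Add Relying Party Trust" wizard steps.
# Run in an elevated PowerShell session on the primary ADFS server.
Import-Module ADFS

# Placeholder (assumption): substitute the Metadata URL provided by your
# eBackpack Account Manager.
$MetadataUrl = 'https://METADATA-URL-FROM-EBACKPACK.example/metadata'
$TrustName   = 'eBackpack'   # Display Name screen

# Refuse a non-HTTPS metadata URL so the import is protected by TLS.
if (([Uri]$MetadataUrl).Scheme -ne 'https') {
    throw "Metadata URL must use https: $MetadataUrl"
}

# Issuance Authorization Rules screen:
# "Permit all users to access this relying party."
$AuthorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance Transform Rules tab, rule "Send user name":
# LDAP attribute SAM-Account-Name from Active Directory, issued as Name ID.
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send user name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";sAMAccountName;{0}", param = c.Value);
'@

# Create the trust from the published metadata (Select Data Source screen).
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataUrl $MetadataUrl `
    -IssuanceAuthorizationRules $AuthorizationRules `
    -IssuanceTransformRules $TransformRules

# Review what was imported before notifying your eBackpack Account Manager:
# the identifier should match the details you were given, and the only
# transform rule should be the Name ID rule above.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Format-List Name, Identifier, Enabled, MetadataUrl,
                IssuanceAuthorizationRules, IssuanceTransformRules
```

The final `Get-AdfsRelyingPartyTrust` output is also a quick way to audit a trust that was created through the wizard.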

 
