ADFS SSO SAML Setup

Role: Admin


  1. In the AD FS Management Console, create a new Relying Party Trust.

  2. On the Identifiers tab, enter your Display Name and then add a Relying party identifier of getguru.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is your Team ID (which you can find on your Integrations SSO settings page.)

  1. On the Endpoints tab, click the Add SAML... button

  2. On the following screen, choose the Endpoint type of SAML Assertion Consumer, Binding of POST and for Trusted URL enter https://api.getguru.com/samlsso/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is your Team ID.

  1. Then click OK on this dialog and OK again to save.

  2. Click on Edit Claim Rules... and on the Issuance Transform Rules tab, click Add Rule....

  3. Choose the Send LDAP Attributes.. claim rule template

  4. Click Next. Enter a claim rule called Guru Attributes, using Active Directory as the attribute store.

  5. Then, add mappings for LDAP Attributes as shown in the screen shot below...

  1. Click OK to save and then add another rule.

  2. This time, choose the Transform an Incoming Claim rule template and click Next.

  1. Enter a rule name of Email to NameID and set the incoming claim type to E-Mail Address.

  2. Set the outgoing claim type to Name ID and the outgoing format to Email.

  3. Click OK to save.

At this point, your claim rules should look like the following screen shot...

  1. Click OK to save.

  2. Once completed go to your SSO settings page and follow STEP 2 in these instructions, which detail how to fill in the fields for:

    1. x.509 certificate

    2. the Identity Provider Issuer URL (ie, https://sso.yourcompany.com/adfs/services/trust)

    3. Identity Provider SAML Endpoint URL (ie, https://sso.yourcompany.com/adfs/ls/IdpInitiatedSignOn.aspx)