ADFS SSO
Access Required
You must be a Guru admin to access the  SSO/SCIM page to set up SSO for your team.
Setting up ADFS SSO
- In the ADFS Management Console, create a new Relying Party Trust.
- On the Identifiers tab, enter your Display Name and then add a Relying party identifier of
getguru.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
wherexxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
is your Team ID (which you can find on your SSO/SCIM page.)
- On the Endpoints tab, click the Add SAML... button
- On the following screen, choose the Endpoint type of
SAML Assertion Consumer
, Binding ofPOST
and for Trusted URL enterhttps://api.getguru.com/samlsso/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
wherexxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
is your Team ID.
- Then click OK on this dialog and OK again to save.
- Click on Edit Claim Rules... and on the
Issuance Transform Rules
tab, clickAdd Rule...
- Choose the
Send LDAP Attributes..
claim rule template. - Click Next. Enter a claim rule called
Guru Attributes
, usingActive Directory
as the attribute store. - Then, add mappings for LDAP Attributes as shown in the screenshot below:
- Click OK to save and then add another rule.
- This time, choose the
Transform an Incoming Claim
rule template and click Next.
- Enter a rule name of
Email to NameID
and set the incoming claim type toE-Mail Address
. - Set the outgoing claim type to
Name ID
and the outgoing format toEmail.
- Click OK to save.
At this point, your claim rules should look like the following screenshot:
- Click OK to save.
- Once completed go to your SSO/SCIM page and follow STEP 2 in these instructions, which detail how to fill in the fields for:
- x.509 certificate
- the Identity Provider Issuer URL (ie,
https://sso.yourcompany.com/adfs/services/trust
) - Identity Provider SAML Endpoint URL (ie,
https://sso.yourcompany.com/adfs/ls/IdpInitiatedSignOn.aspx
)
Updated 3 months ago