Access Required

You must be a Guru admin to access the  SSO/SCIM page to set up SSO for your team.

Setting up ADFS SSO

  1. In the ADFS Management Console, create a new Relying Party Trust.
  2. On the Identifiers tab, enter your Display Name and then add a Relying party identifier of getguru.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is your Team ID (which you can find on your SSO/SCIM page.)

ADFS SSO Step 1.png

  1. On the Endpoints tab, click the Add SAML... button
  2. On the following screen, choose the Endpoint type of SAML Assertion Consumer, Binding of POST and for Trusted URL enter https://api.getguru.com/samlsso/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is your Team ID.

ADFS SSO Step 2.png

  1. Then click OK on this dialog and OK again to save.
  2. Click on Edit Claim Rules... and on the Issuance Transform Rules tab, click Add Rule...
  3. Choose the Send LDAP Attributes.. claim rule template.
  4. Click Next. Enter a claim rule called Guru Attributes, using Active Directory as the attribute store.
  5. Then, add mappings for LDAP Attributes as shown in the screenshot below:
ADFS SSO Step 3.png
  1. Click OK to save and then add another rule.
  2. This time, choose the Transform an Incoming Claim rule template and click Next.
ADFS SSO Step 4.png
  1. Enter a rule name of Email to NameID and set the incoming claim type to E-Mail Address.
  2. Set the outgoing claim type to Name ID and the outgoing format to Email.
  3. Click OK to save.

ADFS SSO Step 5.png

At this point, your claim rules should look like the following screenshot:
ADFS SSO Step 6.png

  1. Click OK to save.
  2. Once completed go to your SSO/SCIM page and follow STEP 2 in these instructions, which detail how to fill in the fields for:
  • x.509 certificate
  • the Identity Provider Issuer URL (ie, https://sso.yourcompany.com/adfs/services/trust)
  • Identity Provider SAML Endpoint URL (ie, https://sso.yourcompany.com/adfs/ls/IdpInitiatedSignOn.aspx)