Active Directory

ADFS configuration

  1. Open the server's Add Relying Party Trust Wizard from the ADFS Management console.
  2. Choose to enter data manually.
  3. Enter a display name for the relying party. The name is for identification only and does not affect Offision functionality.
  4. Enable support for the WS-Federation Passive protocol, using the app's URL.
  5. Click Next through the rest of the wizard and Close at the end.
  6. Offision Identity requires a Name ID claim. Add one from the Edit Claim Rules dialog.
  7. In the Add Transform Claim Rule Wizard, leave the default Send LDAP Attributes as Claims template selected, and click Next. Configure the rule to map the following LDAP attributes to outgoing claim types:

     LDAP Attribute        Outgoing Claim Type
     objectGUID            Name ID
     E-Mail-Addresses      E-Mail Address
     SAM-Account-Name      Name
     Display-Name          Common Name

  8. Click Finish > OK in the Edit Claim Rules window.
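The same relying party trust and claim rule can be created from the ADFS PowerShell module, which is handy for repeatable deployments and for verifying what the wizard produced. The block below is an added example, not part of the Offision documentation; the display name and the app URL are placeholders, and the claim types are the standard ADFS URIs behind the "Name ID", "E-Mail Address", "Name" and "Common Name" entries in the wizard's drop-down. Mapping Name ID to objectGUID rather than to sAMAccountName or mail matters because objectGUID never changes for the life of the account, so a renamed user keeps the same identity in the application and a re-used mailbox address cannot inherit someone else's account.

```powershell
# Added example (not from the Offision documentation): create the relying party
# trust and the LDAP claim rule described in the steps above using the ADFS module.
# PLACEHOLDERS to replace: $rpName (display name) and $appUrl (the Offision app URL).
Import-Module ADFS

$rpName = 'Offision'                         # display name only, does not affect behaviour
$appUrl = 'https://offision.example.com/'    # PLACEHOLDER: the app's WS-Federation passive URL

# Claim rule language equivalent of the "Send LDAP Attributes as Claims" template:
# objectGUID -> Name ID, mail -> E-Mail Address, sAMAccountName -> Name, displayName -> Common Name
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Offision claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                   "http://schemas.xmlsoap.org/claims/CommonName"),
          query = ";objectGUID,mail,sAMAccountName,displayName;{0}",
          param = c.Value);
'@

# Issuance authorization rule: permit all authenticated users (the wizard's default).
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $appUrl `
    -WSFedEndpoint $appUrl `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Verification: the trust exists and its transform rules issue a Name ID claim,
# which is the claim Offision Identity requires.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if ($rp.IssuanceTransformRules -notmatch 'claims/nameidentifier') {
    throw "Relying party '$rpName' does not issue a Name ID claim"
}
$rp | Select-Object Name, Identifier, WSFedEndpoint, Enabled
```

Run it in an elevated PowerShell session on the ADFS server. The final `Get-AdfsRelyingPartyTrust` check is also a useful periodic audit: if the rule set later drifts (for example, Name ID re-mapped to a mutable attribute), the script fails rather than silently issuing a different identity.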

ADFS configuration in Azure Active Directory

  1. Navigate to the AAD tenant's App registrations blade. Click New application registration.
  2. Enter a name for the app registration. The name is for identification only and does not affect Offision functionality.
  3. A redirect URI does not need to be entered at this step.
  4. Click Endpoints and note the Federation Metadata Document URL. This is the WS-Federation middleware's MetadataAddress.
  5. Navigate to the new app registration. Click Expose an API. Click Application ID URI Set > Save. Make a note of the Application ID URI. This is the WS-Federation middleware's Wtrealm.

Redirect URI

  1. The Redirect URI is the single sign-on callback link for Office 365 (it must also be added in the Azure Portal).

  2. Navigate to Authentication, click Add platform, then click Web.

  3. Copy the Redirect URI from the ADFS integration and paste it into the Redirect URIs field of the AAD tenant in the Azure Portal. Click Configure.
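The Azure AD registration and the redirect URI from the two sections above can be created with the Microsoft Graph PowerShell SDK, which also lets you collect the MetadataAddress and Wtrealm values in one place and check them before handing them to the middleware. This is an added example, not part of the Offision documentation; the tenant ID and redirect URI are placeholders, and the Application ID URI is set to `api://<client ID>`, which is what the portal's "Set" button proposes by default.

```powershell
# Added example (not from the Offision documentation): register the Azure AD
# application from the steps above with Microsoft Graph PowerShell and gather the
# WS-Federation middleware settings (MetadataAddress and Wtrealm).
# PLACEHOLDERS to replace: $tenantId and $redirectUri (copied from the ADFS integration).
Import-Module Microsoft.Graph.Applications
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

$tenantId    = '00000000-0000-0000-0000-000000000000'       # PLACEHOLDER: AAD tenant ID
$redirectUri = 'https://offision.example.com/signin-wsfed'  # PLACEHOLDER: Redirect URI from the ADFS integration

# Steps 1-3 plus the "Redirect URI" section: create the registration (the name is
# cosmetic) and add the single sign-on callback as a Web platform redirect URI.
$app = New-MgApplication -DisplayName 'Offision' -Web @{ RedirectUris = @($redirectUri) }

# Step 5: set the Application ID URI; this value becomes the middleware's Wtrealm.
Update-MgApplication -ApplicationId $app.Id -IdentifierUris @("api://$($app.AppId)")
$app = Get-MgApplication -ApplicationId $app.Id
$wtrealm = $app.IdentifierUris[0]

# Step 4: the Federation Metadata Document URL shown on the Endpoints blade;
# this value becomes the middleware's MetadataAddress.
$metadataAddress = "https://login.microsoftonline.com/$tenantId/federationmetadata/2007-06/federationmetadata.xml"

# Check: the metadata document is reachable and its entityID names this tenant,
# so the middleware will trust tokens from the intended issuer and no other.
$metadata = [xml](Invoke-WebRequest -Uri $metadataAddress -UseBasicParsing).Content
if ($metadata.EntityDescriptor.entityID -notmatch $tenantId) {
    throw "Federation metadata entityID does not reference tenant $tenantId"
}

[pscustomobject]@{
    MetadataAddress = $metadataAddress
    Wtrealm         = $wtrealm
    RedirectUri     = ($app.Web.RedirectUris -join ', ')
}
```

Pinning MetadataAddress to your own tenant ID (rather than the `common` endpoint) is the setting worth double-checking: the entityID check above fails fast if the URL points at a different issuer than the one the Wtrealm was registered in.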