Active Directory

ADFS configuration

1. Open the server's Add Relying Party Trust Wizard from the ADFS Management console.
2. Choose to enter data manually
3. Enter a display name for the relying party. The name is just for naming and will not affect Offision functionality.
4. Enable support for WS-Federation Passive protocol, using the app's URL
5. Click Next through the rest of the wizard and Close at the end.
6. Offision Identity requires a Name ID claim. Add one from the Edit Claim Rules dialog:
7. Edit Claim Rules
8. In the Add Transform Claim Rule Wizard, leave the default Send LDAP Attributes as Claims template selected, and click Next. Add a rule mapping the

   LDAP Attribute	Outgoing Claim Type
   objectGUID	Name ID
   E-Mail-Addresses	E-Mail Address
   SAM-Account-Name	Name
   Display-Name	Common Name

9. Add Transform Claim Rule Wizard: Configure Claim Rule
10. Click Finish > OK in the Edit Claim Rules window.

ADFS configuration in Azure Active directory

1. Navigate to the AAD tenant's app registrations blade. Click New application registration:
2. Enter a name for the app registration. The name is just for naming and will not affect Offision functionality.
3. No need to input the redirect URI
4. Click Endpoints and note the Federation Metadata Document URL. This is the WS-Federation middleware's MetadataAddress:
5. Navigate to the new app registration. Click Expose an API. Click Application ID URI Set > Save. Make note of the Application ID URI. This is the WS-Federation middleware's Wtrealm:
   

Redirect URI

1. Redirect URI is for adding single-sign-on callback-link to Office 365 (Please also add this to the Azure Portal)

2. Navigate to Authentication, click Add platform, then click Web

   

3. Copy the Redirect URI from the ADFS integration and paste in the Redirect URIs in the Azure Portal AAD tenant. Click Configure