6.2 Configuring the Connector

After you import the connector, you must configure it to work with your ADFS system.

  1. Log in as an administrator to the SocialAccess administration console:

    https://appliance_dns_name/appliance/index.html
    
  2. Drag and drop the SAML 2.0 connector for ADFS from the Applications palette to the Applications panel.

  3. On the Configuration page, specify the configuration properties.

    Use the information from the ADFS metadata file. The signing certificate from ADFS is optional.

  4. Under Assertion Attribute Mappings, map the SAML Assertion attributes to the appropriate attributes in your identity source.

  5. Expand the Federation Instructions, then copy and paste the instructions into a text file to use during the ADFS configuration for single sign-on.

    NOTE: You must use a text editor that does not introduce hard returns or additional white space. For example, use Notepad instead of WordPad.

  6. Click the Appmarks tab, then review and edit the default settings for the appmark.

    For more information, see Section 5.4, Configuring Appmarks for Connectors.

  7. Click OK to save the configuration.

  8. Click Apply to commit the changes to the appliance.

  9. Wait until the configuration changes have been applied on each node of the cluster.

  10. Log in to ADFS as the ADFS administrator, then configure the SAML 2.0 federation for SocialAccess in the ADFS administration console.

    Use the information from the Federation Instructions in Step 5 to complete the setup.

    NOTE: When you copy the appliance’s signing certificate, ensure that you include all leading and trailing hyphens in the certificate’s Begin and End tags.

  11. After you complete the configuration, users can log in through SocialAccess and use single sign-on to access the ADFS system. The SocialAccess login page URL is:

    https://appliance_dns_name
    
  12. (Conditional) To allow Service Provider-initiated login, you must specify the Name ID format on the ADFS side. To do this, run the following PowerShell command:

    # Replace the quoted value with the display name of the claims provider trust.
    Set-ADFSClaimsProviderTrust -TargetName "Display Name from Claims Provider Trust" -RequiredNameIdFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    
  13. (Optional) If you want users to connect to SharePoint, proceed to Section 6.4, Connecting to SharePoint.
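
The notes in Step 5 and Step 10 warn about editors that alter the pasted text and about lost hyphens in the certificate tags. The following PowerShell check is an added example, not part of the SocialAccess documentation: it verifies a saved copy of the appliance's signing certificate before you import it into ADFS. It assumes the standard PEM tag text (`-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`); the function name and the file path are hypothetical.

```powershell
# Added example: sanity-check a signing certificate pasted from the Federation Instructions.
function Test-PastedCertificate {
    param(
        # Hypothetical path to the text file that holds the pasted certificate.
        [Parameter(Mandatory)] [string] $Path
    )

    # Read the whole file; an empty file becomes an empty string.
    $text  = ([string](Get-Content -LiteralPath $Path -Raw)).Trim()
    $lines = @($text -split "\r?\n")

    # Assumption: standard PEM tags with five leading and five trailing hyphens.
    if ($lines[0] -cne '-----BEGIN CERTIFICATE-----') {
        throw "Begin tag is missing or has lost hyphens: '$($lines[0])'"
    }
    if ($lines[-1] -cne '-----END CERTIFICATE-----') {
        throw "End tag is missing or has lost hyphens: '$($lines[-1])'"
    }
    if ($lines.Count -lt 3) {
        throw 'No certificate data between the Begin and End tags.'
    }

    # Reject blank lines and embedded white space added by the editor.
    $body = $lines[1..($lines.Count - 2)]
    for ($i = 0; $i -lt $body.Count; $i++) {
        if ($body[$i].Length -eq 0 -or $body[$i] -match '\s') {
            throw "Line $($i + 2) is blank or contains white space."
        }
    }

    # The body must be valid Base64 that parses as an X.509 certificate.
    try   { [byte[]] $der = [Convert]::FromBase64String(-join $body) }
    catch { throw 'Certificate body is not valid Base64; it may be truncated.' }

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    # Return the fields to compare against the appliance before importing.
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

# Hypothetical file name; use the file you saved in Step 5.
# Test-PastedCertificate -Path .\socialaccess-signing-cert.txt
```

A thumbprint that matches the appliance's signing certificate confirms the copy survived the paste intact.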