ADFS

This feature is available on all Professional and Enterprise plans. Want this and other premium features? Update your plan here.

Set up

Configure a manual relying party trust (RPT) with the following attributes (xxxxxxxxxxxxxxxxxx will be generated for you on the SSO setup page in your account):

Display name: zeroheight

RP trust identifier: zeroheight:xxxxxxxxxxxxxxxxxx

Secure hash algorithm: SHA-1

If enabled, please provide the signing certificate: not currently enabled

If enabled, please provide the encryption certificate: not currently enabled

If WS-Fed is used, please provide the WS_Federation: not enabled  

If SAML is used, please provide the logon and optionally the logout endpoints with binding type:

login = https://zeroheight.com/sso/acs/xxxxxxxxxxxxxxxxxx

You’ll need to set your ADFS to request a specific name ID format.

 

Claims

1) In the Edit Claim Rules window, click on the Add Rule button under the Issuance Transform Rules tab.

2) The Add Transform Claim Rule Wizard window opens where you need to select Send LDAP Attributes as Claims as the Claim rule template, and click Next.

3) Enter a name for your Claim Rule, for example, “email,” then set Attribute store to Active Directory.

4) Now enter the LDAP attributes. Add the LDAP attribute E-Mail-Addresses twice and set the outgoing claim types to E-Mail Address and email. Similarly, add the LDAP attribute Given-Name twice and set the outgoing claim types to Given Name and FirstName.

5) Click OK when you are done adding the required LDAP attributes.

6) You need to add another Claim Rule. So, click on Add Rule on the Issuance Transform Rules tab, select Transform an Incoming Claim, and click on Next.

7) Enter a Claim rule name, for example, Incoming-claim, set Incoming claim type to E-Mail Address, set Outgoing claim type to Name ID, and set Outgoing name ID format to Email.

8) Select Pass through all claim values and click Finish.

9) In the Edit Claim Rules window, click OK.
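
The two claim rules built in steps 1 to 9, written in AD FS claim rule language and applied with PowerShell. This is an added example, not part of zeroheight's documentation; it assumes the relying party trust already exists under the display name zeroheight, that the session is elevated on the primary AD FS server, and that the standard schema URIs for the E-Mail Address, Given Name and Name ID claim types are in use.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumption: a relying party trust with display name "zeroheight" already exists.
Import-Module ADFS

# Rule 1 ("email"): Send LDAP Attributes as Claims from Active Directory.
#   E-Mail-Addresses (mail)  -> E-Mail Address and "email"
#   Given-Name (givenName)   -> Given Name and "FirstName"
# Rule 2 ("Incoming-claim"): transform E-Mail Address into Name ID,
#   format Email, passing through all claim values.
$rules = @'
@RuleName = "email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "email",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "FirstName"),
          query = ";mail,mail,givenName,givenName;{0}", param = c.Value);

@RuleName = "Incoming-claim"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Replace the trust's Issuance Transform Rules with the two rules above.
Set-AdfsRelyingPartyTrust -TargetName 'zeroheight' -IssuanceTransformRules $rules

# Read the rules back and warn if an expected claim is missing,
# so a typo is caught before the first sign-in attempt.
$applied = (Get-AdfsRelyingPartyTrust -Name 'zeroheight').IssuanceTransformRules
foreach ($needle in 'nameid-format:emailAddress', '"email"', '"FirstName"') {
    if ($applied -notlike "*$needle*") {
        Write-Warning "Missing from issuance transform rules: $needle"
    }
}
$applied
```

`Set-AdfsRelyingPartyTrust -IssuanceTransformRules` overwrites the existing rule set, so export the current rules first if the trust already carries others.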

 

What we need from you

You will need to input into the SSO setup page:

  • Identity Provider Single Sign-On URL and X.509 Certificate
    👉 Note: If you need the Target_logout URL to set up SSO, email support@zeroheight.com and we can add it.

OR

  • Identity Provider Metadata XML