ADFS
This feature is available on all Professional and Enterprise plans. Want this and other premium features? Update your plan here.
Set up
Configure a manual relying party trust (RPT) with the following attributes (xxxxxxxxxxxxxxxxxx will be generated for you on the SSO setup page in your account):
Display name: zeroheight
RP trust identifier: zeroheight:xxxxxxxxxxxxxxxxxx
Secure hash algorithm: SHA-1
If enabled, please provide the signing certificate: not currently enabled
If enabled, please provide the encryption certificate: not currently enabled
If WS-Fed is used, please provide the WS_Federation: not enabled
If SAML is used, please provide the logon and optionally the logout endpoints with binding type:
login = https://zeroheight.com/sso/acs/xxxxxxxxxxxxxxxxxx
You’ll need to set your ADFS to request a specific name ID format.
Claims
1) In the Edit Claim Rules window, click on the Add Rule button under the Issuance Transform Rules tab.
2) The Add Transform Claim Rule Wizard window opens where you need to select Send LDAP Attributes as Claims as the Claim rule template, and click Next.
3) Enter a name for your Claim Rule, for example, “email,” then set Attribute store to Active Directory.
4) Now we need to enter LDAP attributes. We will enter the LDAP attribute E-Mail-Addresses twice and set their outgoing types to E-Mail Address and email. Similarly, we will enter the LDAP attribute Given-Name twice and set their outgoing types to Given Name and FirstName.
5) Click OK when you are done adding the required LDAP attributes.
6) You need to add another Claim Rule. So, click on Add Rule on the Issuance Transform Rules tab, select Transform an Incoming Claim, and click on Next.
7) Enter a Claim rule name, for example, Incoming-claim, set Incoming claim type to E-Mail Address, set Outgoing claim type to Name ID, and set Outgoing name ID format to Email.
8) Select Pass through all claim values and click Finish.
9) In the Edit Claim Rules window, click OK.
What we need from you
You will need to enter one of the following on the SSO setup page:
- Identity Provider Single Sign-On URL and X.509 Certificate
👉 Note: If you need the Target_logout URL to set up SSO, email support@zeroheight.com and we can add it.
OR
- Identity Provider Metadata XML