ADFS Single Sign-on Setup with Workzone via SAML

1. On your ADFS server, open the AD FS Management snap-in. Under Actions, click Add Relying Party Trust.

2. On the next screen, hit Start.

3. On the next screen, select the middle radio button for Import data about the relying party from a file. Browse for the Workzone metadata file you previously saved and hit Next.

4. On the next screen, enter a Display name. We recommend Workzone. Hit Next.

5. On the next screen, leave the first radio button selected, and hit Next.

6. On the next screen, leave the first radio button selected, and hit Next.

7. On the next screen, hit Next.

8. On the next screen, leave the checkbox checked, and hit Close.

9. The Edit Claim Rules for Workzone dialog will appear. Hit Add Rule…

10. Select Send LDAP Attributes as Claims and hit Next.

11. Give the claim rule a name, such as Rule 1. Select Active Directory as the attribute store. Select E-Mail-Addresses as the LDAP attribute, and E-Mail Address as the outgoing claim type. Hit Finish.

12. You should see the new rule appear. Hit Add Rule… again.

13. Select Transform an Incoming Claim and hit Next.

14. Name this one Rule 2. Select E-Mail Address as the incoming claim type. Select Name ID as the outgoing claim type. Select Email as the outgoing name ID format. Leave the first radio button selected and hit Finish.

15. Both rules should now appear. Hit OK.

16. Log in to Workzone as an Administrator, and go to Setup in All Workspaces. Click Single sign-on on the left nav, and hit the Active radio button to activate SSO.
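
The two claim rules from steps 9 to 15 can also be applied and checked from PowerShell on the AD FS server. This is an added example, not part of the original instructions or Workzone's own tooling; it assumes the trust was already created with the display name Workzone (steps 1 to 8) and that the AD FS PowerShell module is available in an elevated session.

```powershell
# Added example: scripted form of steps 9-15, plus a read-back check.
# Assumption: the relying party trust already exists under the name from step 4.
Import-Module ADFS

$trustName = 'Workzone'

# Rule 1 (step 11): read the AD "mail" attribute (E-Mail-Addresses) and issue it
#                   as the E-Mail Address claim.
# Rule 2 (step 14): re-issue that E-Mail Address value as Name ID, format Email.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Rule 1"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Rule 2"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Stop early if the wizard steps have not been completed.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) {
    throw "Relying party trust '$trustName' not found; complete steps 1-8 first."
}

# Replace the trust's issuance transform rules with the two rules above.
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $rules

# Read the trust back and report whether it is enabled and carries both rules.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName
[pscustomobject]@{
    Name          = $trust.Name
    Enabled       = $trust.Enabled
    HasEmailRule  = $trust.IssuanceTransformRules -match 'claims/emailaddress'
    HasNameIdRule = $trust.IssuanceTransformRules -match 'claims/nameidentifier'
    NameIdIsEmail = $trust.IssuanceTransformRules -match 'nameid-format:emailAddress'
}
```

Because Rule 2 only transforms a claim that Rule 1 issued, a user whose mail attribute is empty in Active Directory receives no Name ID in the SAML assertion.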