Connect HoxHunt to AD FS for Single Sign On
1. In the AD FS 2.0 Console, under Actions, select Add Relying Party Trust....
2. This will take you to the Add Relying Party Trust Wizard.
3. In the Select Data Source section, select Enter data about the relying party manually.
4. In the Specify Display Name section, enter the HoxHunt display name.
5. In the Choose Profile section, choose AD FS 2.0 profile.
6. In the Configure Certificate section, do not specify a token encryption certificate.
7. In the Configure URL section, check the option Enable support for the SAML 2.0 Web SSO protocol. Add the following URL for Relying party SAML 2.0 SSO service URL.
8. In the Configure Identifiers section, add the same URL as in step 7 as a trust identifier,
9. In the Choose Issuance Authorization Rules section, select Permit all users to access this relying party.
10. In the Ready to Add Trust section,
11. In the Finish section, check the option Open the Edit Claim Rules dialog for this relying party trust when the wizard closes,
12. Next you'll be taken to the Edit Claim Rules for HoxHunt panel. From the Issuance Transform Rules tab, click Add Rule...
13. From the Choose Rule Type section, set the Claim rule template drop-down menu to Send LDAP Attributes as Claims,
then click Next.
14. From the Configure Claim Rule section, under Claim rule name, type Email LDAP query. Underneath Attribute store, select Active Directory.
Under mapping of LDAP attributes to outgoing claim types, map LDAP Attribute E-Mail Addresses to Outgoing Claim Type E-Mail Address.
15. Additionally, add the following extra data mappings. Below are the outgoing claim types. The specific LDAP attributes will vary depending on your LDAP configuration.
16. Add another rule from the Edit Claim Rules for HoxHunt panel. From the Choose Rule Type section, set the Claim rule template drop-down menu to Transform Incoming Claim.
17. From the Configure Claim Rule section, type the following Claim rule name: Transform email address as NameID.
Set the rule values:
- For Incoming claim type, select E-Mail Address.
- For Outgoing claim type, select Name ID.
- For Outgoing name ID format, select Email.
- Select Pass through all claim values.
18. At this point, you should be back at the Edit Claim Rules for HoxHunt window.
Click Apply, then OK.
19. Congratulations! You are all done.
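
The wizard steps above can also be written as AD FS PowerShell, which makes the trust and its claim rules reviewable and repeatable. This is an added example, not HoxHunt's or Microsoft's own script: the SSO URL is a placeholder because the page does not show it, the display name `HoxHunt` is assumed, and the extra mappings from step 15 are left out for the same reason.

```powershell
# Added example: scripted equivalent of the wizard steps, with a verification pass.
# AD FS 2.0 ships its cmdlets as a snap-in; later versions load them as the ADFS module.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Placeholder (assumption): replace with the SSO service URL from step 7.
$ssoUrl = 'https://sso.example.invalid/saml/consume'
$rpName = 'HoxHunt'   # assumed display name from step 5

# Steps 12-17: issue the mail attribute as E-Mail Address, then re-issue it as
# a NameID whose format is emailAddress.
$transformRules = @'
@RuleName = "Email LDAP query"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleName = "Transform email address as NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 9: "Permit all users to access this relying party".
$authzRules = @'
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 7: SAML 2.0 Web SSO endpoint (assertion consumer, POST binding).
$endpoint = New-ADFSSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $ssoUrl

# Steps 1-11: create the trust; step 8 reuses the URL as the trust identifier.
Add-ADFSRelyingPartyTrust -Name $rpName -Identifier $ssoUrl -SamlEndpoint $endpoint `
    -IssuanceTransformRules $transformRules -IssuanceAuthorizationRules $authzRules

# Verification: read the trust back and check it against the steps.
$rp = Get-ADFSRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' was not created." }
if ($rp.Identifier -notcontains $ssoUrl) { Write-Warning 'Trust identifier does not match the SSO URL (step 8).' }
if ($rp.EncryptionCertificate) { Write-Warning 'A token encryption certificate is set (step 6 says none).' }
if ($rp.IssuanceTransformRules -notmatch 'nameid-format:emailAddress') {
    Write-Warning 'NameID transform rule is missing (steps 16-17).'
}
$rp | Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules
```

The verification block can be run on its own against a trust that was created through the wizard, to confirm the identifier, certificate setting and NameID rule match the steps.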