- On your AD FS farm, open AD FS Management.
- Click on Relying Party Trusts and then Add Relying Party Trust…
- Start the wizard when it appears.
- Choose to enter data manually and click Next.
- Provide a name for your Relying Party Trust and click Next.
- Select AD FS profile (SAML 2.0) and click Next.
- Click Next to bypass certificate configuration and move to configuring the URL.
- Enable support for SAML 2.0, enter the Assertion Consumer Service URL and click Next:
  - US customers: https://www.scalyr.com/acs
  - EU customers: https://eu.scalyr.com/acs
  - DVUS customers: https://app.us1.dataset.com/acs
- Enter the Relying Party Trust identifier that includes the organization ID that was received from DataSet Support (for more information, see this page), click Add, and then click Next. Your identifier URI is as follows:
  - US customers: https://www.scalyr.com/sp/MYORG where MYORG is your organization name
  - EU customers: https://eu.scalyr.com/sp/MYORG where MYORG is your organization name
  - DVUS customers: https://app.us1.dataset.com/sp?organization=MYORG where MYORG is your organization name
- Skip multi-factor authentication settings and click Next.
- Permit all users and click Next.
- Click Next and then Finish to complete the wizard while electing to open the claim rules editor on completion.
- You need to add two Claim Rules to the Relying Party Trust for DataSet. One claim rule is used to provide the email address and Name ID from your Active Directory and another is used to transform the Name ID into SAML 1.1 e-mail address format. Click Add Rule…
- Choose Send LDAP Attributes as Claims and click Next.
- Name your Claim Rule, pick Active Directory for the attribute store, and map E-Mail Addresses as an LDAP attribute to the outgoing claim types “email” and “AD FS 1.x E-Mail Address”. Click Finish when done. When entering the attributes and claim types, type in “email” and use the selector to choose all other values.
- Follow the guidance in the previous step to configure one more Claim Rule that converts the AD FS 1.x E-Mail Address to Name ID, preserving the format. It should look like the below.