Configuring an ADFS claim rule for SSO
Authentication of an SSO-enabled Skytap user with Active Directory Federation Services (ADFS) requires a properly configured claim rule in ADFS. If the rule is not properly created, the following error displays when the user attempts to sign in using SSO:
To correctly configure the claim rule using Microsoft ADFS Server
- Under Relying Party Trusts click Skytap/PingOne Connection. (This should have been previously created using the “pingone-metadata-sp.xml” file provided by support.)
- Under Actions, click Edit Claim Rules to view the list of rules for the Skytap/PingOne Relying Party Trust Connection:
- On the Issuance Transform Rules tab, click Edit Rule to correct an existing claim rule. If none exists, click Add Rule to add a new one:
- Edit or create a claim rule mapping the user-principal-name to the NameID outgoing claim type.
- Click OK to save the new claim rule.
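
The same check and fix can be scripted from PowerShell on the ADFS server. This is an added example, not part of the original page or Skytap's own tooling: it inspects the trust's issuance transform rules and, if none issues Name ID, appends a rule equivalent to the "Send LDAP Attributes as Claims" template mapping User-Principal-Name to Name ID. It assumes the trust's display name is exactly the one shown in the steps above; the rule name and backup file name are hypothetical.

```powershell
# Added example. Run in an elevated session on the ADFS server.
# Assumption: the trust's display name matches the name used in the steps above.
$trustName  = 'Skytap/PingOne Connection'
$nameIdType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'

# Claim rule that looks up userPrincipalName in Active Directory and issues it
# as the Name ID claim. The rule name is a hypothetical label.
$upnToNameId = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN to NameID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);
'@

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }

$current = [string]$trust.IssuanceTransformRules

if ($current -match [regex]::Escape($nameIdType)) {
    # A rule already references Name ID: print the rule set for review instead of
    # adding a second, possibly conflicting, Name ID rule.
    Write-Host 'A rule already references Name ID. Current rules:'
    Write-Host $current
}
else {
    # Set-AdfsRelyingPartyTrust replaces the entire rule set, so save the existing
    # rules first and append the new rule to them.
    $backup = Join-Path $env:TEMP 'skytap-issuance-rules.bak.txt'   # hypothetical file name
    Set-Content -Path $backup -Value $current
    Set-AdfsRelyingPartyTrust -TargetName $trustName `
        -IssuanceTransformRules ($current + "`r`n" + $upnToNameId)
    Write-Host "Added UPN -> Name ID rule. Previous rules saved to $backup"
}
```

If the script reports an existing Name ID rule, confirm in the printed rule set that it queries `userPrincipalName` and not another attribute.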