In this tutorial we will configure ADFS using the metadata provided by the Udemy for Business team, or the metadata downloaded from PingOne.
If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.
You can configure ADFS by following the steps outlined below:
1. To configure the ADFS IdP side, first launch the ADFS 2.0 console.
2. Under “Trust Relationships > Relying Party Trusts”, add a new Relying Party Trust. This will launch a wizard.
3. Next, you will be prompted to import the PingOne metadata file that was downloaded (see above).
Give the connection a name (e.g., PingOne).
4. Choose the issuance rules (e.g., permit all).
5. Click “Next” to view the summary and complete the wizard.
6. Leave the “Open the Edit Claim Rules…” option selected and finish the wizard.
7. This will launch the “Edit Claim Rules” configuration utility.
8. This example will only gather claims from Active Directory to present to PingOne.
9. Configure a basic claim set.
The Udemy for Business instance of PingOne supports the following attributes (all attributes are case sensitive).
- SCIM.email: the unique email of the user
- SCIM.name.givenName: the given (or first) name of the user
- SCIM.name.middleName: the middle name (if any) of the user
- SCIM.name.familyName: the family (or last) name of the user
- SCIM.name.formatted: the fully formatted name of the user
- groups: the list of groups to which the user belongs
- externalID: the user ID specified by the customer
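10. After configuring the claims, go back to the ADFS 2.0 Relying Party Trusts window, right-click the PingOne connection and view the properties for the connection. Navigate to the Encryption tab and “Remove” the encryption certificate. Removing it makes ADFS send the SAML assertion to PingOne unencrypted, so its confidentiality rests on the HTTPS transport.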
11. That will complete the ADFS configuration. Next, you should download the metadata and send it to the Udemy for Business team.
The Federation Metadata can be found at:
https://<ADFS server name>/FederationMetadata/2007-06/FederationMetadata.xml
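A way to check the result of steps 9 and 10 before handing the metadata over, as an added example that is not part of the original tutorial or of any Udemy or Ping Identity tooling: it parses a base64-decoded SAML response from a test sign-in and reports attribute names that are not on the supported list or differ from it only by case, and whether the assertion is still encrypted. The function name `check_response` and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Attribute names listed in step 9 (case sensitive).
SUPPORTED = ("SCIM.email", "SCIM.name.givenName", "SCIM.name.middleName",
             "SCIM.name.familyName", "SCIM.name.formatted", "groups", "externalID")
BY_LOWER = {name.lower(): name for name in SUPPORTED}

def check_response(xml_text):
    """Return findings for a decoded SAML response; an empty list means no issues."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("SAML messages never carry a DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    if root.find(f".//{{{SAML_NS}}}EncryptedAssertion") is not None:
        # Step 10 not applied: attributes cannot be inspected without the private key.
        return ["assertion is encrypted: encryption certificate still configured"]
    findings = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name", "")
        if name in SUPPORTED:
            continue
        expected = BY_LOWER.get(name.lower())
        if expected:
            findings.append(f"wrong case: {name!r} should be {expected!r}")
        else:
            findings.append(f"not in supported list: {name!r}")
    return findings

# Constructed sample response (not captured from a real ADFS server).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="SCIM.email">
      <saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="scim.name.givenname">
      <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>Research</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for finding in check_response(SAMPLE):
        print(finding)
```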
For more information regarding Ping Identity documentation please click here.