How to Set Up Single Sign-on With AD FS

AD FS is a standards-based service, by Microsoft, that allows the secure sharing of identity information between trusted business partners. Oktopost supports single sign-on (SSO) logins through SAML 2.0. A SAML 2.0 identity provider (IDP) can take many forms, one of which is a self-hosted Active Directory Federation Services (AD FS) server.

Requirements

To use AD FS to log in to Oktopost, you need the following components:

  • An Active Directory instance where all users have an email address attribute.
  • An Oktopost instance with single sign-on enabled.
  • A server running Microsoft Server 2012 or 2008.
  • An SSL certificate to sign your AD FS login page and the fingerprint for that certificate.

Adding a Relying Party Trust

The first step in setting the connection between AD FS and Oktopost is to add a new Relying Party Trust to AD FS.

Select the Relying Party Trusts folder from AD FS Management, and add a new Standard Relying Party Trust from the Actions sidebar. This starts the configuration wizard for a new trust.


On Select Data Source, select the last option: Enter Data About the Party Manually.


On the next screen, enter a Display name that you'll recognize in the future, and any notes you want to make.


On the next screen, select the AD FS profile radio button.


On the next screen, leave the default certificate settings and click Next.


On the next screen, check Enable Support for the SAML 2.0 WebSSO protocol. The service URL should be https://app.oktopost.com/auth/acs.


On the next screen, add https://app.oktopost.com as the Relying party trust identifier.


On the next screen, you may configure multi-factor authentication but this is beyond the scope of this article.


On the next screen, check the Permit all users to access this relying party radio button.


On the next two screens, the wizard will display an overview of your settings. On the final screen use the Close button to exit and open the Claim Rules editor.


Creating Claim Rules

Once the relying party trust has been set up, you need to create a default claim rule that maps your users' email addresses to the Name ID attribute.

To create a new rule, click on Add Rule.


Select Send LDAP Attributes as Claims as the Claim rule template.


On the next screen, select E-mail Address under the LDAP Attribute column, and Name ID under Outgoing Claim Type. Note that the LDAP Attribute value may differ depending on where the email addresses are stored in your AD FS instance.


Once you're done, click on OK to save the new rule. You should now have a working Relying Party Trust for Oktopost.

Configure Oktopost

After setting up AD FS, you need to configure Oktopost to authenticate using SAML. 

Go to App Settings → Single sign-on, and enable single sign-on. Then, enter the following information:

  • SAML Endpoint, enter your full AD FS server URL: https://adfs.yourcompany.com/adfs/ls/.
  • Issuer URL, enter your Replying Party Trust URL: http://adfs.yourcompany.com/adfs/services/trust
  • X.509 Certificate, upload your AD FS certificate.

You should now have a working AD FS single sign-on implementation for Oktopost.

Integrations

  1. How to Set Up The Marketo Integration
  2. How to Set up Social Insights for Salesforce
  3. Salesforce Insights Data and Reports
  4. How to Set up Data Sync for Salesforce
  5. How to Set Up The Social Advocacy Package For Salesforce
  6. How to Set Up The Eloqua Integration
  7. How to Set Up the HubSpot Integration
  8. How to Set Up The Salesforce Integration
  9. How to Set Up The Mautic Integration
  10. How to Set Up the Bitly Integration
  11. How to Set Up the Feedly Integration
  12. How to Set Up the Act-On Integration
  13. Feedly Custom Sharing with Oktopost
  14. Act-On Integration: Segmenting Lists Using Social Data
  15. Act-On Integration: Social Lead Scoring
  16. Conversion Tracking With Marketo Forms 2.0
  17. Marketo Integration: Lead Segmentation
  18. Marketo Integration: Interesting Social Moments
  19. How to Set Up the Salesfusion Integration
  20. How to Set Up the Pardot Integration
  21. Setting up the Google Analytics integration
  22. How to Set Up the Facebook Retargeting Integration
  23. How to Create a Facebook Audience Based on Social Behavior
  24. Attributing Social to Leads in Marketo
  25. Webhooks
  26. How to Connect Oktopost to Zapier
  27. How to Create Salesforce Cases From Assignments
  28. Setting up Integration Assets
  29. Social Click URLs
  30. Salesforce Campaign Naming Parameters Guide
  31. How to Track Conversion on HubSpot Embedded Forms
  32. How to Track Conversion on Pardot Forms
  33. How to Track Conversions on Act-On Labs Forms
  34. How to Set Up Single Sign-on With AD FS
  35. How to Set Up Single Sign-on With Okta
  36. How to Set Up Single Sign-on With OneLogin
  37. How to Set Up Single Sign-on With Google Apps
  38. How to Set Up The Facebook Lead Ads Integration

Feedback and Knowledge Base