Configuring Microsoft Active Directory Federation Services for Refapp SSO

This article will guide you through the steps for configuring Microsoft Active Directory Federation Services for your company account in Refapp.

Configuring Microsoft Active Directory Federation Services for Refapp SSO

1. Open the Refapp Company Setting page.
2. Specify your wanted SAML Identity ID (or leave it blank) and save the settings.
3. Click the “Download SAML Service Provider Metadata” button.
4. Open the ADFS management console. This can be done from Server Manager as shown below:
5. Click the button on the right for Add a Relying Party Trust.
6. This opens a wizard for the trust with a welcome screen describing the feature. Review the description and click Start to begin.
7. Import the SAML Provider Metadata file you downloaded previously.
8. Provide a display name for the Trust, “Refapp” or something similar is recommended and click Next.
9. Finish the rest of the steps.
10. We recommend two Claim Rules for brokering the SAML assertions. They can be added by first clicking the Add Rule button.
11. This first rule is an LDAP Attributes rule that ensures the required information is passed between the two systems. Configure the rule as shown below and click OK to save. (Make sure to use three separate fields for “E-Mail-Addresses, Given-Name, and Surname” or else some relevant info may be left as “None” later on.)
12. The second rule is a Transform rule. Refapp specifies urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the Format of the NameIDPolicy in Assertion Requests where ADFS natively expects these in Name ID format so we need to transform the format from email to Name ID. Select Transform an Incoming Claim from the drop-down and click Next to continue.
13. Input the configuration as shown below and click Finish. 
14. Save the new claim rules by clicking OK.

Save the new claim rules by clicking OK.