Who can use this capability
Owners and Administrators can enable SAML & SSO on their account.
Configuring ADFS for your user authentication into Brandfolder.
To set up ADFS with Brandfolder, you will need the following:
- An Active Directory instance where users have an email address attribute
- A metadata file from Brandfolder Support used for the import
- An SSL certificate to sign your ADFS login page and the fingerprint of that certificate
Setting up ADFS
Add a relying party trust
- Log in to the ADFS Server
- Right-click Relying Party Trust on the left side of the table.
- Select Add Relying Party Trust...
Configure the relying party trust wizard
- Select Start
- On the Select Data Source Screen, select Import data about this relying party from a file
- Select Browse and choose the Brandfolder metadata file.
- Once the data is imported, select Next to reach Configure Multi-factor Authentication Now - leave the defaults and choose Next
- On Choose Issuance Authorization Rules, select Permit all users
- The following screen will show an overview of your settings - select Next
- On the closing screen, select Close and open the Claim Rules Editor
Creating claim rules
- The Claim Rules Editor will open automatically - to create a new rule, select Add Rule
- Select Send LDAP Attributes as Claims and select Next
- On the following screen, set the LDAP Attribute to E-Mail-Addresses and set Outgoing Claim Type to E-Mail Address
- Click OK to save the rule
- Create another new rule by selecting Add Rule - select Transform an Incoming Claim from the dropdown
- On the following screen, select the following:
  - E-mail Address as Incoming Claim Type
  - Outgoing Claim Type as Name ID
  - Outgoing Name ID Format as Email
  - Leave the default of Pass through all claim values
- Select OK to create the claim rule
Setting up a full-name claim
- Brandfolder recommends sending the first and last name along with the email address of the user
- Create another new rule by selecting Add Rule
- Set one LDAP Attribute to Surname and one to Given-Name
- Set one Outgoing Claim Type to Surname and one to Given-Name
- Select OK to create this rule, then OK again to complete the rules
Test the configuration
- At this point, the configuration can be tested
- Please get in touch with firstname.lastname@example.org to complete the configuration