Applies to

  • Brandfolder


Who can use this capability

Owners and Administrators can enable SAML & SSO on their account.


Configure ADFS for your user authentication into Brandfolder.


Set up ADFS

To set up ADFS with Brandfolder, you will need the following:

  • An Active Directory instance where users have an email address attribute
  • A metadata file from Brandfolder Support used for the import
  • An SSL certificate to sign your ADFS login page and the fingerprint of that certificate

Add a relying party trust

  1. Log in to the ADFS Server
  2. Right-click Relying Party Trust on the left side of the table.
  3. Select Add Relying Party Trust...

Configure the relying party trust wizard

  1. Select Start
  2. On the Select Data Source Screen, select Import data about this relying party from a file
  3. Select Browse and choose the Brandfolder metadata file. 
  4. Importing this data will allow you to select Next and continue to the Configure Multi-factor Authentication Now screen. Leave the defaults and choose Next
  5. On Choose Issuance Authorization Rules, select Permit all users
  6. The following screen will show an overview of your settings - select Next
  7. On the closing screen, select Close and open the Claim Rules Editor

Creating claim rules

  1. The Claim Rules Editor will open automatically. To create a new rule, select Add Rule
  2. Select Send LDAP Attributes as Claims and select Next
  3. On the following screen, set the LDAP Attribute to E-Mail-Addresses and set Outgoing Claim Type to E-Mail Address 
  4. Click OK to save the rule
  5. Create another new rule by selecting Add Rule - select Transform an Incoming Claim from the dropdown
  6. On the following screen, select the following:
    • E-mail Address as Incoming Claim Type
    • Outgoing Claim Type as Name ID
    • Outgoing Name ID Format as Email
    • Leave the default of Pass through all claim values

  7. Select OK to create the claim rule

Set up a full-name claim

  1. Brandfolder recommends sending the first and last name along with the email address of the user
  2. Create another new rule by selecting Add Rule
  3. Set one LDAP Attribute to Surname and one to Given-Name
  4. Set the matching Outgoing Claim Types to Surname and Given-Name, respectively
  5. Select OK to create this rule, then OK again to complete the rules

Test the configuration

  1. At this point, the configuration can be tested
  2. Please get in touch with to complete the configuration