ADFS

Configure ADFS for your user authentication in Brandfolder.

Who can use this?

Plans:

  • Brandfolder

Permissions:

Owners and Administrators can enable SAML & SSO on their account.

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

Set up ADFS

To set up ADFS with Brandfolder, you need:

  • An Active Directory instance where users have an email address attribute.
  • A metadata file from Brandfolder Support used for the import.
  • An SSL certificate to sign your ADFS login page, and the fingerprint of that certificate.

Add a relying party trust

  1. Log in to the ADFS Server.
  2. Right-click Relying Party Trust on the left side of the table.
  3. Select Add Relying Party Trust...

Configure the relying party trust wizard

  1. Select Start.
  2. On the Select Data Source Screen, choose Import data about this relying party from a file.
  3. Pick Browse and choose the Brandfolder metadata file. 
  4. After the data is imported, select Next to reach Configure Multi-factor Authentication Now. Leave the defaults, and choose Next.
  5. On Choose Issuance Authorization Rules, select Permit all users.
  6. Review the overview of your settings on the following screen, then select Next.
  7. On the closing screen, pick Close, and open the Claim Rules Editor.

Creating claim rules

  1. The Claims Rule editor opens automatically. To create a new Rule, select Add Rule.
  2. Select Send LDAP Attributes as Claims and select Next.
  3. On the screen, set the LDAP Attribute to E-Mail-Addresses and set Outgoing Claim Type to E-Mail Address.
  4. Choose OK to save the rule.
  5. Create another new rule by selecting Add Rule. Then, select Transform an Incoming Claim from the dropdown.
  6. On the following screen, choose the following:
       • Incoming Claim Type: E-Mail Address.
       • Outgoing Claim Type: Name ID.
       • Outgoing Name ID Format: Email.
       • Leave the default of Pass through all claim values.
  7. Select OK to create the claim rule.

Set up a full-name claim

  1. Brandfolder recommends sending the first and last name along with the email address of the user.
  2. Create another new rule by selecting Add Rule.
  3. Set one LDAP Attribute to Surname and one to Given-Name.
  4. Set one Outgoing Claim Type to Surname and one to Given-Name.
  5. Select OK to create this rule, then OK again to complete the rules.

Test the configuration

  1. Now the configuration can be tested.
  2. Contact support@brandfolder.com to complete the configuration.