Configure single sign-on with Microsoft Active Directory Federation Services

You can use Microsoft Active Directory Federation Services (ADFS) as a SAML 2.0 identity provider for users in Aha! Read about the general SAML support in Aha! first; the rest of this article describes how to configure ADFS to communicate with Aha!

1. Welcome – press Start

2. Select Data Source – Federation metadata address: https://<company>; press Next. Note that the metadata URL will only work once SAML authentication is enabled in Aha! (yes, this is a bit of a catch-22). 

3. Specify Display Name – Display name: Aha!; press Next

4. Choose Issuance Authorization Rules – Permit all users to access this relying party; press Next

5. Ready to Add Trust – press Next

6. Finish – check Open the Edit Claim Rules dialog; press Close

7. On the Issuance Transform Rules tab, press Add Rule...

8. Select the Send LDAP Attributes as Claims template, then press Next.

9. Give a name to the rule, select Active Directory as the attribute store, and add the following mappings:

LDAP Attribute      Outgoing Claim Type
E-Mail-Addresses    E-Mail Address
Given-Name          Given Name
Surname             Surname

Press OK.


10. On the Issuance Transform Rules tab, press Add Rule... again.

11. Select the Transform an Incoming Claim template, then press Next.


12. Give a name to the rule and make the following selections:

Incoming claim type: E-Mail Address
Outgoing claim type: Name ID
Outgoing name ID format: Email
Pass through all claim values 

Press OK.
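The relying party trust and both claim rules from steps 1-12 can also be created from PowerShell, which leaves a reviewable record of exactly which claims are released to Aha! This is an added example, not part of the original instructions or of Aha!'s documentation; the metadata URL is a placeholder to replace with your account's address, and the rule names are arbitrary.

```powershell
# Added example: scripted equivalent of wizard steps 1-12 above.
# On AD FS 2.0, load the cmdlets first: Add-PSSnapin Microsoft.Adfs.PowerShell
# (later Windows Server versions ship them in the ADFS module).

# Placeholder: replace with the SAML metadata address of your Aha! account.
# As noted in step 2, it only resolves once SAML is enabled in Aha!
$AhaMetadataUrl = 'https://AHA-METADATA-URL-PLACEHOLDER'

# Base URI of the standard claim types used by the wizard templates.
$claims = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'

# Steps 7-9 (LDAP attributes) and 10-12 (e-mail -> Name ID) in the
# AD FS claim rule language. $claims is expanded by PowerShell.
$transformRules = @"
@RuleName = "Aha! LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("$claims/emailaddress", "$claims/givenname", "$claims/surname"),
          query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleName = "Aha! e-mail to Name ID"
c:[Type == "$claims/emailaddress"]
 => issue(Type = "$claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
"@

# Step 4: "Permit all users to access this relying party".
$authorizationRules = @'
@RuleName = "Permit all users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 1-6: create the trust from Aha!'s federation metadata.
Add-AdfsRelyingPartyTrust -Name 'Aha!' -MetadataUrl $AhaMetadataUrl `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules

# Review what was stored: only e-mail, given name, surname and Name ID
# should be issued to this relying party.
Get-AdfsRelyingPartyTrust -Name 'Aha!' |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules
```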


Aha! single sign-on setup for ADFS 2.0

1. Log into Aha! and go to Settings > Account > Security and single sign-on.

2. Identity Provider: SAML 2.0

3. Name: <your company name>

4. Metadata URL: <url to the metadata xml listed in AD FS 2.0 console>

   e.g. https://adfs.<company>.com/FederationMetadata/2007-06/FederationMetadata.xml


Thanks to Daniel Severin for providing these instructions.
