This is a guide for configuring federated user authentication with ADFS as the Security Assertion Markup Language 2.0 Identity Provider and Perkbox as the Service Provider, to establish Single Sign-On for your users.
Please note - Perkbox currently only supports SP-initiated SSO
Abbreviations:
Identity Provider (IdP)
Service Provider (SP)
Single Sign-On (SSO)
Security Assertion Markup Language (SAML)
Get started:
On ADFS
1. Go to the Add Relying Party Trust Wizard and click Start
2. Select the third option ('Enter data about the relying party manually')
3. Give the set up a name, something that shows it's Perkbox
4. Select the first option, AD FS Profile
5. Click Next without selecting anything on the Configure Certificate screen
6. Select the second option, 'Enable support for the SAML 2.0 Web SSO protocol', and input this URL into the 'Relying party SAML 2.0 SSO service URL' field
NB: for Aus locations enter the URL https://api.production.us-west-2.perkbox.services/sso/v1/provider/saml/callback
and click Next
On Perkbox
Head to the Admin Dashboard
Access 'Login & Integrations' > 'Set up SSO'
7. On your company's unique Perkbox URL, open the single sign-on settings page (you'll find this within 'Sign up settings' in the admin panel)
The first field is the text that will appear on your users' login button
Upload your metadata file from ADFS
Under the SAML Request Type section of Step 1:
Tick the 'Requires AuthNRequest' box
Under the SAML Request Name field, enter SAMLRequest
The SAML Request Issuer field takes a unique URL
First enter the URL https://sso.perkbox.com/v1/provider/ (the unique value is appended in Step 2)
Enable the 'hide normal login form' option if you would like SSO to be the only login method on your login page (although we don't recommend doing this until you have tested at least once)
Click the CONTINUE button
Under STEP 2 section, copy the unique string next to Value: (NOTE: ignore the URL next to Key:)
Click 'edit' to go back to the SAML Request Issuer field from Step 1 on the Perkbox platform
Append the string to the end of the URL under SAML Request Issuer field, e.g., https://sso.perkbox.com/v1/provider/YOUR_VALUE_FROM_STEP_2
Keep a note of this full URL and leave this page open
On ADFS
8. Input the URL from the previous step on Perkbox into the 'Relying party trust identifier' field and click Add
9. The next three steps (Configure Multi-factor Authentication Now, Choose Issuance Authorization Rules and Ready to Add Trust) are down to you, but we recommend you click Next on each of them for now and edit later if you need to
10. Leave the 'Open the Edit Claim Rules dialog' option ticked and click Close to finish the wizard; it should open a new window
11. Adding claim rules: click Add Rule
12. Select 'Send LDAP Attributes as Claims' from the Claim rule template list
13. Give the claim rule a name (this can be anything) and then follow the format in the screenshot below
Note: the LDAP attribute mapped to the Name ID outgoing claim is used as the unique identifier, so please make sure it's unique
The URLs for the other outgoing claims are as follows:
https://sso.perkbox.co.uk/SAML/Attributes/User/Email: user's email address
https://sso.perkbox.co.uk/SAML/Attributes/User/FirstName: user's first name
https://sso.perkbox.co.uk/SAML/Attributes/User/LastName: user's last name
After this, click Finish, then Apply and OK
On Perkbox
14. Upload the metadata file again in Step 1 and then click Continue
Click Test and Save
Log out and test from the login screen
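The ADFS side of the procedure above (steps 1-13) as an added PowerShell example; this is not from the Perkbox guide or Perkbox's own tooling. It assumes the ADFS module is available on the federation server, that userPrincipalName is the unique LDAP attribute chosen for the Name ID (the guide only requires that it be unique), and that the placeholder YOUR_VALUE_FROM_STEP_2 is replaced with the Value string copied from Perkbox.

```powershell
# Added example: build the Perkbox relying party trust with the ADFS cmdlets instead of the wizard.
Import-Module ADFS

# Values taken from the Perkbox SSO page. YOUR_VALUE_FROM_STEP_2 is a placeholder for the Step 2 Value string.
$perkboxIssuer = "https://sso.perkbox.com/v1/provider/YOUR_VALUE_FROM_STEP_2"   # SAML Request Issuer
# Callback URL given in the guide for Aus locations; use the URL shown for your own region.
$perkboxAcsUrl = "https://api.production.us-west-2.perkbox.services/sso/v1/provider/saml/callback"

# SP-initiated SSO only: one Assertion Consumer Service endpoint, HTTP-POST binding (step 6).
$acs = New-AdfsSamlEndpoint -Binding "POST" -Protocol "SAMLAssertionConsumer" -Uri $perkboxAcsUrl -Index 0 -IsDefault $true

# Claim rule equivalent to the 'Send LDAP Attributes as Claims' template (steps 11-13).
# Assumption: userPrincipalName is the unique attribute issued as Name ID.
$claimRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Perkbox attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "https://sso.perkbox.co.uk/SAML/Attributes/User/Email",
                   "https://sso.perkbox.co.uk/SAML/Attributes/User/FirstName",
                   "https://sso.perkbox.co.uk/SAML/Attributes/User/LastName"),
          query = ";userPrincipalName,mail,givenName,sn;{0}", param = c.Value);
'@

# Authorisation rule the wizard applies by default ('Permit all users'); restrict it to a group later (step 9).
$authzRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# The Identifier must equal the SAML Request Issuer exactly, including the appended Step 2 value,
# otherwise ADFS cannot match Perkbox's AuthnRequest to this trust (step 8).
Add-AdfsRelyingPartyTrust -Name "Perkbox" `
    -Identifier $perkboxIssuer `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $claimRules `
    -IssuanceAuthorizationRules $authzRules

# Export the ADFS federation metadata for the 'Upload your metadata file from ADFS' step on Perkbox.
$fsHost = (Get-AdfsProperties).HostName
Invoke-WebRequest -Uri "https://$fsHost/FederationMetadata/2007-06/FederationMetadata.xml" -OutFile "$env:TEMP\adfs-metadata.xml"

# Check: the identifier and callback stored on the trust are the ones Perkbox expects.
Get-AdfsRelyingPartyTrust -Name "Perkbox" | Select-Object Identifier, @{n='ACS'; e={ $_.SamlEndpoints.Location }}
```

Run it in an elevated PowerShell session on the federation server, then continue with step 14 on Perkbox using the exported metadata file.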