This guide explains how to configure federated user authentication, using ADFS as the Security Assertion Markup Language 2.0 Identity Provider and Perkbox as the Service Provider, to give users Single Sign-On.

Abbreviations:  
Identity Provider (IdP)
Service Provider (SP)
Single Sign-On (SSO)
Security Assertion Markup Language (SAML)

Please note: Perkbox currently only supports SP-initiated SSO.

Get started: 

ON ADFS

1. Go to the Add Relying Party Trust Wizard and start it

2. Select the third option

3. Give the set-up a name, something that shows it is for Perkbox

4. Select the first option, AD FS Profile


5. Click Next without selecting anything on the configure certificate screen

6. Select the second option, 'Enable support for the SAML 2.0 Web SSO protocol', and enter this URL into the 'Relying party SAML SSO service URL' field:

https://api.production.perkbox.services/sso/v1/provider/saml/callback

and click Next

On Perkbox

7. On your company's unique Perkbox URL, open the single sign-on settings page (you'll find it under 'Sign up settings' in the admin panel)

  • The first field is the text that will appear on your users' log-in button
  • Upload your metadata file from ADFS
  • Under the SAML Request Type section of Step 1:
  • Tick the 'Requires AuthNRequest' box
  • In the SAML Request Name field, enter SAMLRequest
  • The SAML Request Issuer field takes a unique URL, which is built in two parts
  • First enter the URL https://sso.perkbox.com/v1/provider/
  • Enable the 'hide normal login form' option if you would like SSO to be the only log-in method on your login page (although we don't recommend doing this until you have tested at least once)
  • Click the CONTINUE button
  • Under the STEP 2 section, copy the unique string next to Value: (NOTE: ignore the URL next to Key:)
  • Click 'edit' to go back to the SAML Request Issuer field from Step 1 on the Perkbox platform
  • Append the string to the end of the URL in the SAML Request Issuer field, e.g., https://sso.perkbox.com/v1/provider/YOUR_VALUE_FROM_STEP_2

Example: https://sso.perkbox.com/v1/provider/42cc20a3-2f65-2390-b5eb-2170b1cab999

  • Keep a note of this full URL and leave this page open

On ADFS

8. Enter the URL from the previous step on Perkbox into the 'Relying party trust identifier' field and click Add

9. The next three steps (Configure multi-factor authentication now, Choose Issuance Authorization Rules and Ready to Add Trust) are down to you, but we recommend you click Next on each of them for now and edit them later if you need to

10. Leave the 'Open the Edit Claim Rules' option ticked and click Close to finish the wizard. This should open a new window

11. Adding claim rules: click Add Rule

12. Select 'Send LDAP Attributes as Claims' from the Claim rule template list

13. Give the claim rule a name (this can be anything) and then follow the format in the screenshot below

Note: the LDAP attribute mapped to the Name ID outgoing claim is used as the unique identifier, so please make sure it is unique.

The outgoing claim type URLs for the other claims are as follows:

https://sso.perkbox.co.uk/SAML/Attributes/User/Email: the user's email address

https://sso.perkbox.co.uk/SAML/Attributes/User/FirstName: the user's first name

https://sso.perkbox.co.uk/SAML/Attributes/User/LastName: the user's last name

After this, click Finish, then Apply and OK
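The ADFS side of steps 1 to 13 can also be created, or later audited, from PowerShell. The script below is an added example and is not part of Perkbox's guide; it assumes the ADFS module is available on the ADFS server, uses a placeholder for the Step 2 value, and chooses userPrincipalName as the Name ID attribute (any attribute that is unique per user will do).

```powershell
# Added example (not from the Perkbox guide): the ADFS part of steps 1-13 done
# with the ADFS PowerShell module, so the trust can be reviewed or re-created
# without the wizard. Run on the ADFS server as an administrator.

# Identifier = the full SAML Request Issuer URL built on the Perkbox side (step 7).
# YOUR_VALUE_FROM_STEP_2 is a placeholder; the real value is shown under Step 2 on Perkbox.
$identifier = "https://sso.perkbox.com/v1/provider/YOUR_VALUE_FROM_STEP_2"

# Assertion Consumer Service endpoint from step 6 (HTTP-POST binding, as the wizard creates).
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
    -Uri "https://api.production.perkbox.services/sso/v1/provider/saml/callback"

# Claim rule equivalent of "Send LDAP Attributes as Claims" (steps 12-13).
# One LDAP lookup issues all four outgoing claims.
# Assumption: userPrincipalName feeds Name ID because it is unique per forest;
# mail, givenName and sn feed the three Perkbox attribute URLs from the guide.
$issuanceRules = @'
@RuleName = "Perkbox attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "https://sso.perkbox.co.uk/SAML/Attributes/User/Email",
                   "https://sso.perkbox.co.uk/SAML/Attributes/User/FirstName",
                   "https://sso.perkbox.co.uk/SAML/Attributes/User/LastName"),
          query = ";userPrincipalName,mail,givenName,sn;{0}", param = c.Value);
'@

# Step 9 wizard default ("Permit all users"); restrict this to a group later if needed.
$authzRules = @'
@RuleName = "Permit all users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name "Perkbox" `
    -Identifier $identifier `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules

# Review what was created before testing the login from the Perkbox side (step 14).
Get-AdfsRelyingPartyTrust -Name "Perkbox" |
    Select-Object Name, Identifier, SamlEndpoints, IssuanceTransformRules
```

The Identifier must match the SAML Request Issuer URL on Perkbox exactly, otherwise ADFS will not recognise the incoming AuthnRequest.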

On Perkbox

14. Upload the metadata file again in Step 1 and then click Continue

  • Click Test and Save
  • Log out and test from the login screen
