SSO configuration with ADFS (Active Directory) IdP

After you download the Tealium metadata file in Set up your SSO: Step 1, complete the following steps to configure ADFS (Active Directory) for use with Tealium SSO:

1. Launch the ADFS console.
2. Expand the Trust Relationships folder and select Relying Party Trust. In the Relying Party Trusts screen, click Add Relying Party Trust.

   

3. In the Select Data Source step, select Import data about the relying party from a file and upload the metadata file that you downloaded in Set up your SSO: Step 1.
4. In the Specify Display Name step, enter a descriptive name for your connection. For example, Tealium.

   

5. In the Choose Issuance Authorization Rules screen, select Permit all users to access this relying party.

   

6. Click Next to view a summary of your configuration.
7. Click Next. In the Finish step, ensure the Open the Edit Claim Rules dialog for this relying party trust when the wizard closes is checked.

   

8. After you close the setup wizard, the Edit Claim Rules configuration window will open. Click Add Rule.

   

9. In the Choose Rule Type step, select the Send LDAP Attributes as Claims claim rule template. This setting will gather only claims from the Active Directory. Click Next.

   

10. In the Configure Claim Rule step with the following settings:
    • Claim rule name: AD Attributes
    • Attribute store: Active Directory
    • E-mail-Addresses: email
    • SAM-Account-Name: Name ID

      

11. Click OK.
12. After you complete configuring your claim rule, you will return to the Relying Party Trust screen. Right-click the connection you just created to view the connection properties.
13. Click the Encryption tab and click Remove to download the encryption certificate.

    

14. Download the SAML metadata document for your ADFS federation server. You will use this file to complete the Tealium SSO configuration. The following is an example metadata URL: https://<yourservername>/FederationMetadata/2007-06/FederationMetadata.xml