SAML: Active Directory Federation Services (ADFS) connection guide

Integrate your Glasscubes account into your Active Directory

Updated over a week ago

To get you started we’ve outlined several steps that you’ll want to utilise when setting up your ADFS environment to integrate into Glasscubes. The entire process will be broken up into 3 stages and at the final stage we’ll run through and test to ensure everything is working with authentication.

Stage 1: Configuring your relying party trust

Open your AD FS Management MMC Console.

Select Add Relying Party Trust.

Once the Wizard opens make sure you have Claims Aware selected and hit Start. NOTE: You may or may not see the Claims Aware selection screen. If you do not then proceed past this point.

In the Select Data Source screen select Enter data about the relying party manually and then hit Next.

Enter Glasscubes for the Display Name and then hit Next.

On the Configure Certificate screen hit Next.

On the Configure URL screen check Enable support for the SAML 2.0 WebSSO protocol and enter https://[youraccount].glasscubes.com/sso/onelogin/consumer for the URL (replace [youraccount] with the subdomain of your Glasscubes account). Hit Next.

On the Configure Identifiers screen enter https://[youraccount].glasscubes.com for the URL and then hit Add.

You should see the URL under the Relying party trust identifiers window below the URL input area. Hit Next once you’ve confirmed it’s there.

On the Access Control Policy screen ensure Permit Everyone is selected and hit Next.

On the Ready to Add Trust screen review all the information we entered in the previous steps and when you’re ready hit Next.

You should see the final screen saying The relying party trust was successfully added. Hit Close.

Stage 2: Claim Rules

Go to Relying Party Trusts and select the trust we created previously. Next hit Edit Claim Issuance Policy.

In the Issuance Transform Rules window that pops up hit Add Rule.

In the Add Transform Claim Rule Wizard ensure that Send LDAP Attributes as Claims is selected in the drop down menu. Hit Next.

In the Configure Rule window that comes up be sure to enter the Claim Rule Name (Enter whatever you would like). Select Active Directory as the attribute store. Enter at least the following attributes:

  • E-Mail-Addresses >>> Name ID

  • Given-Name >>> FirstName

  • Surname >>> LastName

In the Issuance Transform Rules window that pops up hit Add Rule.

In the Add Transform Claim Rule Wizard ensure that Transform an Incoming Claim is selected in the drop down menu. Hit Next.

In the Configure Rule window that comes up be sure to enter the Claim Rule Name (enter whatever you would like). Then enter E-Mail Address as the Incoming claim type, Name ID as the Outgoing claim type, and Persistent Identifier as the Outgoing name ID format. Then hit Finish.

Hit Apply and then OK on the Issuance Transform Rules window that appears.

Stage 3: Certificate

Congratulations! You’ve made it this far, so now’s the time to provide Glasscubes with the information they’ll need to configure SAML on your Glasscubes account. We will be obtaining the ADFS Signing Certificate and the Federation Metadata XML.

To obtain the ADFS Signing Certificate you will first want to expand Service and then proceed to Certificates. This is all located within the ADFS Management window.

Right click on the ADFS Signing Certificate and choose View Certificate.

Select the Details tab.

On the Details tab hit Copy To File.

On the Certificate Export Wizard window that appears hit Next.

Select Base-64 encoded X.509 (.CER) and hit Next.

Hit Browse, decide where you want to save the certificate and name it. Hit Next.

On the Completing the Certificate Export Wizard hit Finish after reviewing.

The certificate export is now finished.

SAML URL

Next open a web browser and go to the following URL:

https://[your-adfs-server]/FederationMetadata/2007-06/FederationMetadata.xml

The above URL will download a FederationMetadata.xml file to your downloads folder. Locate it and open it in Internet Explorer. Once it is open, locate the EndpointReference towards the top and copy the https://[your-adfs-server]/adfs/ls/ address it contains.

Now that you’ve obtained the SAML URL and the certificate, please send this information to enquiries@glasscubes.com and they will set up SAML on the Glasscubes end. Once this process is completed you will receive an email confirming it’s been done, and when you then go to your Glasscubes account URL it will automatically redirect you to your ADFS screen.
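Before sending the two items, it is worth confirming that the certificate you exported is the signing certificate your ADFS server publishes in its metadata. The script below is an added example, not Glasscubes or Microsoft code: it reads the /adfs/ls/ address from the EndpointReference entries and compares SHA-256 fingerprints. The function names, the adfs.example.com host and the sample data are assumptions made for illustration, as are the XML namespaces used to locate the elements.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

# Namespaces assumed for the elements this check reads from FederationMetadata.xml.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsa": "http://www.w3.org/2005/08/addressing"}

def cer_to_der(cer_text):
    """Decode a Base-64 encoded X.509 (.CER) export to raw DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", cer_text)
    return base64.b64decode(body, validate=True)

def sha256_fp(der):
    return hashlib.sha256(der).hexdigest()

def read_metadata(xml_text):
    """Return (sorted /adfs/ls/ endpoint addresses, signing cert fingerprints)."""
    root = ET.fromstring(xml_text)
    urls = {a.text.strip() for a in root.iterfind(".//wsa:EndpointReference/wsa:Address", NS)
            if a.text and a.text.strip().lower().endswith("/adfs/ls/")}
    fps = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") == "signing":
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                fps.add(sha256_fp(base64.b64decode("".join(cert.text.split()))))
    return sorted(urls), fps

def check_export(cer_text, xml_text):
    """Compare the exported certificate with the metadata before sending both."""
    urls, fps = read_metadata(xml_text)
    fp = sha256_fp(cer_to_der(cer_text))
    return {"saml_urls": urls, "fingerprint": fp,
            "https_only": bool(urls) and all(u.startswith("https://") for u in urls),
            "cert_in_metadata": fp in fps}

# Constructed sample input: placeholder bytes stand in for a real DER certificate,
# and adfs.example.com is a made-up host.
SAMPLE_DER = b"constructed-placeholder-for-DER-certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_CER = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsa="http://www.w3.org/2005/08/addressing">
 <RoleDescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <wsa:EndpointReference><wsa:Address>https://adfs.example.com/adfs/ls/</wsa:Address></wsa:EndpointReference>
 </RoleDescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    print(check_export(SAMPLE_CER, SAMPLE_XML))
```

To use it on your own files, pass the text of the exported .cer file and of FederationMetadata.xml to check_export; the fingerprint it returns can also be read out to the recipient over a separate channel so they can confirm the certificate arrived unaltered.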
