Configuring ADFS as an identity provider
Use this task to configure Microsoft Active Directory Federation Services (ADFS) as the identity provider for IBM® Security Verify.
Procedure
- Obtain the service provider information from IBM Security Verify.
You need this file when you create the ADFS Relying Party Trust.
- Log in to the Verify administration console.
- Click Settings > Identity Sources > Add Identity Source.
- Download the SAML 2.0 service provider metadata file. Click Download File under Step 2 and save the file for later use.
- Locate the metadata export URL for ADFS.
- Log in to the ADFS server and open the management console.
- In the AD FS folder, expand Services and click Endpoints.
- Locate the FederationMetadata.xml file.
- Use a browser to navigate to that URL on the ADFS server and download the file.
For example, https://localhost/FederationMetadata/2007-06/FederationMetadata.xml
Accept any certificate warnings. In most browsers, a file that is called FederationMetadata.xml is downloaded to the default downloads folder. The file is approximately 70 KB on ADFS 3.0 on Windows Server 2012 R2.
- Go to the ADFS Management Console.
- Start the Relying Party Trust Wizard.
- Click Trust Relationships in the AD FS folder.
- Click Add Relying Party Trust from the Actions menu.
- Click Start.
- Import the SAML metadata file that you downloaded from Verify.
- On the Select Data Source window, select Import data about the relying party from a file.
- Enter the location of the Verify metadata file.
Use Browse to locate and select the metadata file that you downloaded. For example, z:/abcxyz.verify.ibm.com_metadata.xml
- Click Next.
- On the Select Data Source window, select Import data about the relying party from a file.
- Type a descriptive display name for the trust and any additional information.
- Click Next.
- Do not configure multi-factor authentication (MFA).
Ensure that the I do not want to configure multi-factor authentication settings for this relying party trust at this time option is selected.
- Click Next.
- Set up the authorization policy.
Ensure that Permit all users is selected.
- Click Next.
- Click Next.
- Leave the default selection for editing claim rules checked and click Close.
The Edit Claims Rules window opens.