SAML-based SSO in Microsoft Server 2016 AD

Before you begin

About this task

Use this procedure to set up SAML-based SSO in Microsoft Server 2016 AD.

Procedure

  1. Go to your MS 2016 AD Server Manager.
  2. To create a relying party trust as part of configuring partner organizations, select Relying Party Trust and follow the instructions.
  3. To create a rule to send Lightweight Directory Access Protocol (LDAP) attributes as claims, select Create a Rule to Send LDAP Attributes as Claims and follow the instructions.
  4. Follow these steps to create claim rules for Zero Trust Access (ZTA) applications as a service provider.
    Note

    Add these claim rules for ZTA as a service provider on the Identity Provider (IdP), Windows Server 2016.
    1. Go to ADFS Manager > Relying Party Trust > Edit Claim Issuance Policy > Add Rule.
    2. From the Select Rule Template screen, in the Claim Rule Template field, select Send Claim Using a Custom Rule.
    3. Select Next.
    4. Add this attribute rule as a custom rule. It takes the user's UPN claim and issues it as the SAML NameID, with the NameID format set to unspecified:

       c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
        => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");

      Note

      If the rule is applied successfully, a success status is displayed.
    5. Select ADFS > Service > Relying Party Trust > Edit Claim Issuance Policy.
    6. Select Add Rule > OK.
    7. From the Select Rule Template screen, in the Claim Rule Template field, select Send LDAP Attributes as Claims.
    8. Select Next.
    9. Add a Rule.
      Note

      If the rule is applied successfully, a success status is displayed.
    10. Select OK > Close.
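The same two rules (the LDAP attribute rule from steps 7 to 9 and the custom NameID rule from step 4) can be applied to an existing relying party trust from PowerShell on the federation server instead of through the wizard. This is an added example, not part of the original procedure; the trust display name is a placeholder and the LDAP attributes mapped (userPrincipalName and mail) are an assumption, since the procedure does not list them.

```powershell
# Added example (not from the original procedure): apply the claim rules from the
# procedure to an existing relying party trust with the ADFS PowerShell module.
# Assumptions: the ADFS module is present on the federation server, the relying
# party trust already exists, and its display name is the placeholder below.
Import-Module ADFS

$rpName = 'ZTA-RelyingParty'   # placeholder: use the display name of your trust

# Rule order matters: ADFS evaluates issuance rules top to bottom, and the custom
# nameidentifier rule only fires if a UPN claim is already in the pipeline.
# The LDAP rule that issues the UPN therefore has to come first.
$rules = @'
@RuleName = "Send LDAP Attributes as Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName,mail;{0}", param = c.Value);

@RuleName = "UPN to NameID (unspecified format)"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
'@

# Replaces the whole issuance transform rule set of the trust with the two rules above.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Verify that the NameID rule was actually stored on the trust.
$stored = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
if ($stored -notmatch 'nameid-format:unspecified') {
    throw "NameID rule is missing on relying party trust '$rpName'"
}
```

Because -IssuanceTransformRules overwrites the existing rule set, read the current value with Get-AdfsRelyingPartyTrust first if the trust already carries rules you want to keep.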