Setup relying party trust in AD FS

To allow EAA to redirect users to the AD FS login portal to complete authentication, you need to set up EAA as an AD FS endpoint. This is done with a relying party trust.

Relying party trust is the term Microsoft Windows Server uses for a service provider that is allowed to communicate with an AD FS endpoint. In this procedure, you configure EAA as that relying party.

How to

  1. From the AD FS Manager, select Relying Party Trusts folder and add a new trust.
  2. In the Add Relying Party Trust Wizard window select Enter data about the relying party manually.
  3. Click Next.
  4. Select the Specify Display Name tab. Complete these fields:
    1. Display name. Enter a name, for example EAA-RPT.
    2. Notes. Enter optional notes, for example EAA is relying party.
  5. Skip the Configure Certificate tab.
  6. Select the Configure URL tab. Complete these fields:
    1. Select Enable support for the SAML 2.0 WebSSO protocol.
    2. Relying party SAML 2.0 SSO service URL. Enter the URL as https://<eaa-idp-fqdn>/saml/sp/response, where <eaa-idp-fqdn> is the FQDN for the AD FS IdP.
  7. Select the Configure Identifiers tab. For Relying party trust identifiers, enter the same value as in the previous step, that is https://<eaa-idp-fqdn>/saml/sp/response.
  8. Select the Choose Access Control Policy tab. You can permit all users, users of a specific Active Directory, or users of a specific group.
    Note: The EAA administrator can add multiple attributes for different access control policies.
  9. Click Finish.
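
The same nine wizard steps, done with the AD FS PowerShell module instead, as an added example that is not part of the Akamai documentation or the EAA product. It assumes Windows Server 2016 or later (needed for -AccessControlPolicyName), keeps the page's <eaa-idp-fqdn> placeholder, and the policy and parameter names in the commented group alternative are an assumption to check against Get-AdfsAccessControlPolicy on your own server.

```powershell
# Added example: build the EAA relying party trust with PowerShell instead of the
# wizard, then read it back to verify the identifier and SAML endpoint before
# pointing EAA at AD FS. Run on the AD FS server as an AD FS administrator.
Import-Module ADFS

# Placeholder from the procedure: replace with the FQDN of your EAA IdP.
$eaaIdpFqdn = "<eaa-idp-fqdn>"
$acsUrl     = "https://$eaaIdpFqdn/saml/sp/response"   # steps 6 and 7 use the same URL

# Step 6: SAML 2.0 Web SSO endpoint (assertion consumer service, HTTP-POST binding).
$samlEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
    -Uri $acsUrl -Index 0 -IsDefault $true

# Steps 4, 6, 7 and 8: display name, notes, endpoint, identifier, access control policy.
# Step 5 (certificate) is skipped, as in the wizard, so no -EncryptionCertificate is set.
# "Permit everyone" is the built-in policy matching the wizard's "all users" choice.
Add-AdfsRelyingPartyTrust -Name "EAA-RPT" `
    -Notes "EAA is relying party" `
    -Identifier $acsUrl `
    -SamlEndpoint $samlEndpoint `
    -AccessControlPolicyName "Permit everyone"

# Alternative for step 8, restricting the trust to one AD group instead of all users.
# Policy and parameter names here are an assumption; list them with Get-AdfsAccessControlPolicy.
# Set-AdfsRelyingPartyTrust -TargetName "EAA-RPT" `
#     -AccessControlPolicyName "Permit specific group" `
#     -AccessControlPolicyParameters @{ GroupParameter = @("CONTOSO\EAA-Users") }

# Verification: the identifier and ACS URL must match, byte for byte, what EAA sends
# in its AuthnRequest, otherwise AD FS rejects the request as an unknown relying party.
$rpt = Get-AdfsRelyingPartyTrust -Name "EAA-RPT"
$hasIdentifier = $rpt.Identifier -contains $acsUrl
$hasEndpoint   = [bool]($rpt.SamlEndpoints | Where-Object {
    $_.Protocol -eq 'SAMLAssertionConsumer' -and $_.Location.AbsoluteUri -eq $acsUrl })
if (-not ($hasIdentifier -and $hasEndpoint)) {
    throw "EAA-RPT identifier or SAML endpoint does not match $acsUrl"
}
$rpt | Select-Object Name, Identifier, AccessControlPolicyName,
    @{ n = 'AssertionConsumerService'; e = { $_.SamlEndpoints.Location } }
```

The read-back at the end is the check worth keeping as a post-change script: it fails loudly if someone later edits the identifier or endpoint by hand in the AD FS console.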

What you should see

This completes adding EAA as a relying party trust in AD FS using the Add Relying Party Trust Wizard.

Next steps

To learn more, see the Microsoft documentation: Creating a relying party trust.