Set up relying party trust in AD FS
To allow EAA to redirect users to the AD FS login portal to complete authentication, you need to set up EAA as an AD FS endpoint. This is done with a relying party trust.
- From the AD FS Manager, select the Relying Party Trusts folder and add a new trust.
- In the Add Relying Party Trust Wizard window, select Enter data about the relying party manually.
- Click Next.
Select the Specify Display Name tab. Complete these fields:
- Display name. Enter a name, for example EAA-RPT
- Notes. Enter optional notes, for example EAA is relying party
- Skip the Configure Certificate tab.
Select the Configure URL tab. Complete these fields:
- Select Enable support for SAML 2.0 Web SSO protocol.
- Relying party SAML 2.0 SSO service URL. Enter the URL as https://<eaa-idp-fqdn>/saml/sp/response where <eaa-idp-fqdn> is the FQDN for the AD FS IdP.
- Select the Configure Identifiers tab. For Relying party trust identifiers, enter the same value as in the previous step, that is, https://<eaa-idp-fqdn>/saml/sp/response
Select the Choose Access Control Policy tab. You can configure all users, users of a specific Active Directory, users of a specific
Note: The EAA administrator can add multiple attributes for different access control policies.
- Click Finish tab.
To learn more, visit the Microsoft documentation, Creating a relying party trust.
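The wizard steps above can also be scripted and then read back to confirm that the trust only accepts the intended HTTPS endpoint. The following is an added example, not part of the original page or of Akamai's or Microsoft's documentation. It assumes an elevated session on the primary AD FS server, a caller-supplied FQDN, and the built-in `Permit everyone` policy as a stand-in for whichever access control policy you choose.

```powershell
# Added example: scripted equivalent of the wizard steps, plus a read-back check.
# Assumptions: the ADFS PowerShell module is available; $PolicyName defaults to the
# built-in 'Permit everyone' policy only as a stand-in for your chosen policy.
param(
    [Parameter(Mandatory)][string]$EaaIdpFqdn,   # value used for <eaa-idp-fqdn>
    [string]$DisplayName = 'EAA-RPT',
    [string]$PolicyName  = 'Permit everyone'
)
Import-Module ADFS -ErrorAction Stop

# Accept only a bare DNS host name (no scheme, port, or path smuggled in).
if ([Uri]::CheckHostName($EaaIdpFqdn) -ne [UriHostNameType]::Dns) {
    throw "'$EaaIdpFqdn' is not a valid DNS host name."
}
$acsUrl = "https://$EaaIdpFqdn/saml/sp/response"

# Refuse to create a second trust with the same name or identifier.
if (Get-AdfsRelyingPartyTrust -Name $DisplayName) { throw "Trust '$DisplayName' already exists." }
if (Get-AdfsRelyingPartyTrust -Identifier $acsUrl) { throw "Identifier $acsUrl is already in use." }

# "Enable support for SAML 2.0 Web SSO protocol" = one POST assertion consumer endpoint.
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri $acsUrl -IsDefault $true -Index 0

Add-AdfsRelyingPartyTrust -Name $DisplayName -Notes 'EAA is relying party' `
    -Identifier $acsUrl -SamlEndpoint $endpoint -AccessControlPolicyName $PolicyName

# Read the trust back and flag anything that differs from what was intended.
$rpt = Get-AdfsRelyingPartyTrust -Name $DisplayName
$problems = @()
if (-not $rpt.Enabled) { $problems += 'Trust is disabled.' }
if ($rpt.Identifier -notcontains $acsUrl) { $problems += 'Identifier does not match the SSO service URL.' }
if ($rpt.AccessControlPolicyName -ne $PolicyName) { $problems += 'Unexpected access control policy.' }

$acs = @($rpt.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
if ($acs.Count -ne 1) { $problems += "Expected 1 assertion consumer endpoint, found $($acs.Count)." }
foreach ($e in $acs) {
    # Assertions must only be delivered over HTTPS to the expected host.
    if ($e.Location.Scheme -ne 'https' -or $e.Location.Host -ne $EaaIdpFqdn) {
        $problems += "Endpoint $($e.Location) is not HTTPS on $EaaIdpFqdn."
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Relying party trust '$DisplayName' verified for $acsUrl"
```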