Set up relying party trust in AD FS

Before you begin

Make sure that you set up AD FS as a third-party SAML identity provider, add Active Directory, and deploy an identity connector. For instructions, see Set up Active Directory Federation Services (AD FS) as a third-party SAML identity provider.

To allow Akamai Enterprise IdP to redirect users to the AD FS login portal to complete authentication, you need to set up Akamai Enterprise IdP as an AD FS endpoint. You do this with a relying party trust.

Relying party trust is the term used in Microsoft Windows Server to identify service providers that can communicate with an AD FS endpoint. In this procedure, you configure Akamai Enterprise IdP as an AD FS endpoint.

To learn more about creating a relying party trust in AD FS, see the Microsoft documentation.

How to

  1. From the AD FS Manager, select the Relying Party Trusts folder and add a new trust.
  2. In the Add Relying Party Trust Wizard window, select Claims aware and click Next.
  3. In the Select Data Source window, select Enter data about the relying party manually, and click Next.
  4. Select the Specify Display Name tab. Complete these fields:
    1. Display name. Enter a name. For example, IDP-RPT.
    2. Notes. Enter optional notes. For example, IDP is relying party.
  5. Skip the Configure Certificate tab.
  6. Select the Configure URL tab. Complete these fields:
    1. Select Enable support for SAML 2.0 Web SSO protocol.
    2. For the Relying party SAML 2.0 SSO service URL, enter the URL as https://<idp-fqdn>/saml/sp/response, where <idp-fqdn> is the FQDN of the IdP you created.
  7. Select the Configure Identifiers tab. For Relying party trust identifiers, enter the same value as in the previous step: https://<idp-fqdn>/saml/sp/response.
  8. Select the Choose Access Control Policy tab. You can configure all users, users of a specific Active Directory, and users of a specific group.
    Note: The ETP administrator can add multiple attributes for different access control policies.
  9. Click the Finish tab. This completes adding ETP as a Relying party trust in AD FS using the Add Relying Party Trust Wizard.
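
The same trust can be created and then checked from PowerShell on the AD FS server. This is an added example, not part of the original procedure: it uses the standard ADFS module cmdlets, the FQDN idp.example.com is a placeholder, and the built-in "Permit everyone" policy is an assumed choice for the "all users" option in step 8.

```powershell
# Added example: scripted equivalent of wizard steps 1-9, plus a post-check.
# Run in an elevated session on the primary AD FS server.
Import-Module ADFS

# Assumption: placeholder FQDN. Replace with the FQDN of the IdP you created.
$IdpFqdn   = 'idp.example.com'
$TrustName = 'IDP-RPT'
$AcsUrl    = "https://$IdpFqdn/saml/sp/response"

# AD FS posts signed assertions to this URL, so accept only an absolute HTTPS URL.
$uri = [Uri]$AcsUrl
if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
    throw "Service URL must be an absolute https:// URL: $AcsUrl"
}

# Do not silently overwrite or duplicate an existing trust.
if (Get-AdfsRelyingPartyTrust -Name $TrustName) {
    throw "A relying party trust named '$TrustName' already exists."
}

# Step 6: SAML 2.0 Web SSO service URL (assertion consumer endpoint, POST binding).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' `
    -Protocol 'SAMLAssertionConsumer' -Uri $AcsUrl

# Steps 2-8: claims-aware trust with no encryption certificate (step 5 is
# skipped) and the identifier set to the same value as the service URL (step 7).
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Notes 'IDP is relying party.' `
    -Identifier $AcsUrl `
    -SamlEndpoint $endpoint `
    -AccessControlPolicyName 'Permit everyone'   # assumed policy for "all users"

# Post-check: read the trust back and compare it with the intended values.
$rpt = Get-AdfsRelyingPartyTrust -Name $TrustName
$problems = @()
if ($rpt.Identifier -notcontains $AcsUrl) { $problems += 'identifier mismatch' }
$acs = $rpt.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' }
if (@($acs).Count -ne 1) { $problems += 'expected exactly one assertion consumer endpoint' }
elseif ($acs.Location.AbsoluteUri -ne $AcsUrl) { $problems += 'endpoint URL mismatch' }
if ($rpt.EncryptionCertificate) { $problems += 'unexpected encryption certificate' }
if (-not $rpt.Enabled) { $problems += 'trust is disabled' }

if ($problems) { throw "Trust '$TrustName' needs review: $($problems -join '; ')" }
$rpt | Select-Object Name, Identifier, AccessControlPolicyName, Enabled
```

To restrict access to a specific group instead, replace the policy name with one of the access control policies defined on your AD FS farm.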

Next steps