Configuring Accudemia
1. Log into Accudemia.
2. Go to Administration > Control Panel > User Accounts from the navigation menu at the top of the screen.
3. Scroll down to the SAML Single Sign-On section, and enable SSO by checking the box labeled "Enable SAML SSO."
The Identity Provider URL, Public Certificate, and Logout URL need to be set so that Accudemia knows where users will be coming from and where to direct them after they log out. Optionally, an error page can be set, as well as alternate ID use (if uploaded into Accudemia specifically for SSO).
4. Save this information by scrolling back to the top of the screen and clicking the Save Changes button.
5. Test to make sure it works.
Go to the portal that was set up for users and attempt to log in.
Configuring the IdP/SAML Server
To configure an Identity Provider (IdP), the Accudemia SAML Metadata is required. It can be found using the following link.
1. Copy all the metadata from the previous link, then paste it into the IdP.
2. Set the IdP up to send the user ID or alternate ID in the NameID field under the Subject tag.
Note that the NameID is not sent as an attribute; it is the tag defined under the Subject node/tag in the XML.
The SAML authentication request should look like the following:
    <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
        ...
    </saml:Subject>
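An added example (not Accudemia's own code): a Python check that an IdP administrator could run on a decoded SAML response captured while testing, to confirm that the ID arrives in Subject/NameID rather than only as an attribute. The two sample documents, the `employeeNumber` attribute name and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')

# Constructed sample: the ID travels in Subject/NameID, as Accudemia expects.
GOOD = f"""<samlp:Response {XMLNS}><saml:Assertion>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
  </saml:Subject>
</saml:Assertion></samlp:Response>"""

# Constructed sample: the ID is sent only as an attribute; Subject has no NameID.
BAD = f"""<samlp:Response {XMLNS}><saml:Assertion>
  <saml:Subject/>
  <saml:AttributeStatement>
    <saml:Attribute Name="employeeNumber">
      <saml:AttributeValue>111-11-1111</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""


def check_subject_nameid(xml_text):
    """Return (name_id, problems) for one decoded SAML response.

    Diagnostic only: it does not verify the signature, so never use it to
    decide whether a login is authentic.
    """
    root = ET.fromstring(xml_text)
    problems = []
    ids = root.findall(".//saml:Subject/saml:NameID", NS)
    if len(ids) != 1:
        names = [a.get("Name") for a in root.findall(".//saml:Attribute", NS)]
        problems.append(f"expected one Subject/NameID, found {len(ids)}; "
                        f"attributes present: {names}")
        return None, problems
    value = ids[0].text or ""
    if not value.strip():
        problems.append("Subject/NameID is empty")
    elif value != value.strip():
        problems.append("Subject/NameID has surrounding whitespace")
    return value.strip() or None, problems


if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_subject_nameid(doc))
```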
Configuring Active Directory Federation Services (ADFS)
To send the NameID in the Subject tag:
1. Go to AD FS Management and navigate to Trust Relationships > Claims Provider Trusts, then right-click on the provider and select Edit Claim Rules.
2. Click the Add Rule button, and add the "employee number" and "Name ID to Name ID" rules.
3. Send the LDAP attribute as a claim by creating a rule of type "Send LDAP Attributes as Claims."
Set the desired AD attribute to authenticate with, for example, the Employee Number.
4. Create "Transform an Incoming Claim" as a second rule.
5. Finally, transform the NameID to the Subject as a third rule.
For more information watch the following video.