Microsoft ADFS SSO
Squadcast supports SAML 2.0 based Single Sign On (SSO) login for Microsoft Active Directory users, and you can set it up for your organisation by following this integration guide.
Account Owner / Administrator account in Squadcast
A valid Squadcast subscription (Pro & Enterprise)
1. Only an Administrator / Account owner can enable and configure Microsoft ADFS SSO for an organisation in Squadcast.
2. Once enabled, only the Account owner can use email-password based login by default, although it can be configured to enable email based login for Administrators as well.
1. Go to the Integrations tab from your Squadcast account sidebar and click on Integrate under the SSO card.
2. In the opened modal, select the Custom SAML 2.0 tab and click Show configuration guide for Custom SAML 2.0.
3. As given in the displayed guide, copy the ACS URL. Then log in to your server and go to Add Relying Party Trust.
Claims Aware and click
Enter data about the relying party manually and click
Display name. Click
Configure Certificate and click
Enable Support for the SAML 2.0 Web SSO protocol. Enter the ACS URL you copied from Squadcast. Click
11. Paste the ACS URL in Relying party trust identifier. Click Add. Then click
Access Control Policy. Click
Ready to Add Trust. Click Next. Then click
Edit Claim Issuance Policy.
Send LDAP Attributes as Claims. Click
17. Give a name. Select Attribute Store as Active Directory, and map LDAP attributes to Outgoing Claim Type as shown below. Map Given Name and
Add Rule. Select Send Claims using Custom Rule. Click
Claim rule name. And enter the following Custom rule. Click
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] => issue(Type = "last_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
20. Repeat the above step and add two more custom rules. The two rules are as follows.
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] => issue(Type = "first_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(Type = "email", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
Make sure the user accounts to be used for SSO have first name, last name and email configured.
22. In your ADFS management dashboard, go to Token Signing Certificate and click View Certificate. Go to Details -> Copy to File and export the DER encoded binary X.509 certificate.
23. Now convert the .cer file to a .pem file using the following command in PowerShell.
openssl x509 -inform der -in certificatename.cer -out certificatename.pem
24. Open the .pem file in a text editor. Copy the contents and paste them in Squadcast under X.509 Certificate. Then enter the Saml 2.0 Endpoint as **https://
SSO and click
26. ADFS SSO is now configured. To test it you can go to **https://
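A check worth running between steps 23 and 24, as an added example that is not part of the Squadcast guide: it confirms that the .pem file holds the same certificate as the exported .cer, contains no private key, and is not close to expiry. The file names are the guide's placeholders and the 30-day warning window is an assumption.

```powershell
# Added example, not from the Squadcast guide. File names are the placeholders from step 23.
param(
    [string]$CerPath = '.\certificatename.cer',
    [string]$PemPath = '.\certificatename.pem',
    [int]$WarnDays = 30    # assumed warning window before expiry
)
$ErrorActionPreference = 'Stop'

function Get-CertSummary([byte[]]$Der) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Der)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try     { $fp = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', '' }
    finally { $sha.Dispose() }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint    # SHA-1, the value shown on the Details tab
        Sha256     = $fp
        NotAfter   = $cert.NotAfter
    }
}

function Read-PemCertificate([string]$Path) {
    $text = Get-Content -Path $Path -Raw
    # Only the public certificate belongs in the service provider configuration.
    if ($text -match 'PRIVATE KEY') { throw "$Path contains a private key; export the certificate only." }
    $m = [regex]::Matches($text, '-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----')
    if ($m.Count -ne 1) { throw "$Path must contain exactly one CERTIFICATE block, found $($m.Count)." }
    , [Convert]::FromBase64String(($m[0].Groups[1].Value -replace '\s', ''))
}

$der = Get-CertSummary ([System.IO.File]::ReadAllBytes((Resolve-Path $CerPath).Path))
$pem = Get-CertSummary (Read-PemCertificate $PemPath)

if ($der.Sha256 -ne $pem.Sha256) { throw 'PEM does not match the exported .cer file.' }
if ($pem.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
    Write-Warning "Token signing certificate expires $($pem.NotAfter); plan to upload its replacement."
}

# On the ADFS server itself, also compare with the live primary token signing certificate.
if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    $live = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
    if ($live.Thumbprint -notcontains $pem.Thumbprint) {
        throw 'PEM is not the primary token signing certificate.'
    }
}
$pem | Format-List
```

Compare the printed Thumbprint with the value on the Details tab of View Certificate before pasting the PEM contents into Squadcast.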