Microsoft ADFS SSO
Enable Microsoft ADFS Single Sign On (SSO) for your Squadcast organisation
Squadcast supports SAML 2.0-based Single Sign-On (SSO) login for Microsoft Active Directory users. You can set it up for your organization by following this integration guide.
- 1. Account Owner / Administrator account in Squadcast
1. Log in to app.squadcast.com and navigate to Settings > Extensions. Click the Configure button under SSO.
2. In the opened modal, select the Custom SAML 2.0 tab and click Show configuration guide for Custom SAML 2.0.
3. As given in the displayed guide, copy the ACS URL. Then log in to your server and go to
4. Go to
5. Click on Add Relying Party Trust.
Claims Aware and click
Enter data about the relying party manually and click
8. Enter the Display name. Click
Configure Certificate and click
Enable Support for the SAML 2.0 Web SSO protocol. Enter the ACS URL you copied from Squadcast. Click
11. Paste the ACS URL in Relying party trust identifier. Click Add. Then click
Access Control Policy. Click
Ready to Add Trust. Click Next. Then click
Edit Claim Issuance Policy.
Send LDAP Attributes as Claims. Click
17. Give a name. Select Attribute Store as Active Directory. And map LDAP attributes to Outgoing Claim Type as shown below. Map
18. Then click Add Rule. Select Send Claims using Custom Rule. Click
19. Give a Claim rule name. And enter the following Custom rule. Click
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"]
=> issue(Type = "last_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
20. Repeat the above step and add two more custom rules. The two rules are as follows.
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"]
=> issue(Type = "first_name", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
=> issue(Type = "email", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
22. Again, using the Edit Claim Rule wizard, add a rule using the template Transform an incoming claim of type Email Address with Outgoing Claim Type Name ID and Outgoing Name ID Format as Email, passing through all claim values.
23. In your ADFS management dashboard, go to Token Signing Certificate and click View Certificate. Go to Details -> Copy to File and export the DER encoded binary X.509 certificate.
24. Now convert the .cer file to a .pem file using the following command in PowerShell.
openssl x509 -inform der -in certificatename.cer -out certificatename.pem
25. Open the .pem file in a text editor. Copy the contents and paste them into Squadcast under X.509 Certificate. Then enter the SAML 2.0 Endpoint as https:///adfs/ls
27. ADFS SSO is now configured. To test it, go to https:///adfs/ls/idpinitiatedsignon, select your application, and sign in with your user account. You will be logged in to Squadcast and a user will be created.
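The certificate handling in steps 23 to 25 can also be done and checked natively in PowerShell. The script below is an added example (not part of the Squadcast guide) that converts the exported DER file to PEM without openssl, confirms the PEM decodes back to the same certificate, and reports the thumbprint and expiry. The file names are the ones used in step 24, and the 30-day warning threshold is an assumption.

```powershell
# Added example, not from the Squadcast guide. File names follow step 24;
# the 30-day warning threshold is an assumption.
param(
    [string]$CerPath  = '.\certificatename.cer',
    [string]$PemPath  = '.\certificatename.pem',
    [int]   $WarnDays = 30
)
$ErrorActionPreference = 'Stop'

# Load the exported file. A DER .cer export holds the public certificate only;
# if a PFX was exported by mistake, HasPrivateKey is true and we stop.
$der  = [System.IO.File]::ReadAllBytes((Resolve-Path $CerPath).ProviderPath)
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
if ($cert.HasPrivateKey) {
    throw "$CerPath contains a private key. Export the public certificate only."
}

# PEM is the base64 of the DER bytes, wrapped at 64 characters, between markers.
$b64   = [Convert]::ToBase64String($cert.RawData)
$lines = $b64 -split '(.{64})' | Where-Object { $_ }
$pem   = "-----BEGIN CERTIFICATE-----`n" + ($lines -join "`n") + "`n-----END CERTIFICATE-----`n"
Set-Content -Path $PemPath -Value $pem -Encoding ascii -NoNewline

# Round trip: what will be pasted into Squadcast must decode to the same bytes.
$pasted  = Get-Content -Path $PemPath -Raw
$decoded = [Convert]::FromBase64String(($pasted -replace '-----[A-Z ]+-----|\s', ''))
if ([Convert]::ToBase64String($decoded) -ne $b64) {
    throw "$PemPath does not decode to the certificate in $CerPath."
}

# Thumbprint is the SHA-1 value the Windows certificate dialog displays;
# the SHA-256 digest is computed as well for change records.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$sha256   = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$daysLeft = [int][Math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

if ($daysLeft -lt $WarnDays) {
    Write-Warning "Certificate expires in $daysLeft day(s); plan to re-export and update Squadcast."
}
[pscustomobject]@{
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    DaysLeft   = $daysLeft
    Thumbprint = $cert.Thumbprint
    SHA256     = $sha256
    PemPath    = (Resolve-Path $PemPath).ProviderPath
}
```

Run it from the folder holding the exported file, then compare Thumbprint with the value on the Details tab of View Certificate before pasting the PEM into Squadcast.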