In this tutorial, we’re going to show you how to set up ADFS SAML SSO authentication on Flipsnack.

ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials. We provide other SSO integration solutions, such as Azure OpenId, Azure SAML, both of which are also Microsoft solutions

That being said, here are some of the many benefits of integrating Flipsnack with ADFS SAML:

  • You can control who has access to Flipsnack through ADFS

  • You can enforce the SSO access for all your company's accounts registered on Flipsnack

  • You get a more secure authentication for your employees, so that you can control and manage all accounts through the SSO.

Prerequisites

To configure ADFS SAML integration with Flipsnack, you’ll first need:

  • Admin-level access on Flipsnack, in order to be able to access the SSO settings

  • An Active Directory instance where all the users that will use Flipsnack have an account, with email address. We don’t create user accounts under SSO.

Instructions

Adding a new relying party trust

The connection between ADFS and Flipsnack is defined using a relying party trust.

  1. Log in to the server where ADFS is installed.

  2. Launch the ADFS Management application and click Add Relying Party Trust.

  3. Select the Claims aware option and click Start.

  4. On the Select Data Source screen, click Enter data about the relying party manually and click Next.

  5. Provide information for each screen in the Add Relying Party Trust Wizard.

    1. On the Specify Display Name screen, enter a Display name (e.g. Flipsnack SSO) and some notes, if you wish.

    2. Skip the Configure Certificate screen by clicking Next.

    3. On the Configure URL, select the checkbox labeled Enable Support for the SAML 2.0 WebSSO protocol.

      Please enter this URL in the corresponding field, as you can see in the screenshot below: https://www.flipsnack.com/accounts/sign-in-sso.html.

      After you have completed the URL click Next.

    4. On the Configure Identifiers screen, enter the Relying party trust identifier. Add the following URL: https://www.flipsnack.com.

      After you have completed the URL click Next.

    5. On the Choose access control policy screen you have a list with access control options and a short description for each option. Choose the right option for you, depending on how and who will be using Flipsnack from your company.

    6. On the Ready to Add Trust screen, click Next.

    7. You can check Configure claims issuance policy for this application or you can add it later.

Creating Claim Issuance Policy

When a relying party trust has been created, you have the option to define Issuance Transform Rules to customize settings.

  1. If the Claim Issuance Policy editor appears click Add Rule. Otherwise, in the Relying Party Trusts list, select the relying party object that you created, click Edit Claim Issuance Policy, and then click Add Rule in the Issuance Transform Rules tab.

  2. Select Send LDAP Attributes as Claims template in the Claim rule template list, and click Next.

  3. In the Configure Rule section set the following:

a) Claim rule name: write a descriptive name

b) Attribute store: Active Directory

c) Add the following mapping:

i) LDAP Attribute: E-Mail-Address

ii) Outgoing Claim Type: Name ID

4. Click Finish, and then OK to finalize settings.

This setup was tested with Windows Server 2019. Depending on your Windows version you may have to adjust a few settings on your relying party trust (e.g. Secure hash algorithm to SHA-256, choosing POST for Binding in Endpoints etc). If that is the case please contact our support team, and we will try to help you with the right setup.

Configure SAML in Flipsnack

1. Go to Flipsnack SSO settings.

2. Enable SSO, Select ADFS identity provider, and SAML protocol. The Login URL and Identifier must be copied from ADFS.

3. Copy/paste the following:

Login URL -> Identity Provider Single Sign-On URL

https://example.com/adfs/ls/idpinitiatedSignOn.aspx

Identifier -> Identity Provider Issuer.

http://example.com/adfs/services/trust

4. Click Save Changes. Now your integration between Flipsnack and ADFS SAML SSO is completed.

If you need help in setting up ADFS SAML SSO with Flipsnack, please contact our support team via live chat. They will be able to forward your request to our tech team.

Did this answer your question?