Tutorials
      Back to home
      1. | Help Center
      2. Tutorials & Others
      3. Tutorials

      How to set up ADFS SAML SSO with Flipsnack

      Learn step by step how to set up Microsoft ADFS SAML Single Sign On

      ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory credentials. We provide other SSO integration solutions, such as Azure OpenId, and Azure SAML, both of which are also Microsoft solutions.

      Table of contents:

      Adding a new relying party trust

      Creating Claim Issuance Policy

      Configure SAML in Flipsnack

      That being said, here are some of the many benefits of integrating Flipsnack with ADFS SAML:

      • You can control who has access to Flipsnack through ADFS

      • You can enforce the SSO access for all your company's accounts registered on Flipsnack

      • You get a more secure authentication for your employees so that you can control and manage all accounts through the SSO.

      Prerequisites

      To configure ADFS SAML integration with Flipsnack, you’ll first need:

      • Admin-level access on Flipsnack, in order to be able to access the SSO settings

      • An Active Directory instance where all the users that will use Flipsnack have an account with an email address. We don’t create user accounts under SSO.

      Instructions

      Adding a new relying party trust

      The connection between ADFS and Flipsnack is defined using a relying party trust.

      1. Log in to the server where ADFS is installed.

      2. Launch the ADFS Management application and click Add Relying Party Trust.

        Adding new relying party trust

      3. Select the Claims aware option and click Start.

        Choosing the Claims aware option

      4. On the Select Data Source screen, click Enter data about the relying party manually and click Next.

        Selecting the data about the relying party manually

      5. Provide information for each screen in the Add Relying Party Trust Wizard.

        1. On the Specify Display Name screen, enter a Display name (e.g. Flipsnack SSO) and some notes, if you wish.

          Specifying the display name

        2. Skip the Configure Certificate screen by clicking Next.

          Configuring the certificate

        3. On the Configure URL, select the checkbox labeled Enable Support for the SAML 2.0 WebSSO protocol.

          Please enter this URL in the corresponding field, as you can see in the screenshot below: https://www.flipsnack.com/accounts/sign-in-sso.html.

          After you have completed the URL, click Next.

          Configuring the URL

        4. On the Configure Identifiers screen, enter the Relying party trust identifier. Add the following URL: https://www.flipsnack.com.

          After you have completed the URL, click Next.

          Setting the configure identifiers
          Configuring the identifiers and hitting the next button

        5. On the Choose access control policy screen, you have a list of access control options and a short description for each option. Choose the right option for you, depending on how and who will be using Flipsnack from your company.

          Choosing the access control policy

        6. On the Ready to Add Trust screen, click Next.

          Ready to add Trust option

        7. You can check the Configure claims issuance policy for this application or add it later.

          Checking the Configure claims issuance policy

      Creating Claim Issuance Policy

      When a relying party trust has been created, you have the option to define Issuance Transform Rules to customize settings.

      1. If the Claim Issuance Policy editor appears, click Add Rule. Otherwise, in the Relying Party Trusts list, select the relying party object that you created, click Edit Claim Issuance Policy, and then click Add Rule in the Issuance Transform Rules tab.

        Choosing the edit claim inssuance policy
        Adding the tule in Issuance policy for Flipsnack SSO

      2. Select Send LDAP Attributes as Claims template in the Claim rule template list, and click Next.

        Selecting the Send LDAP Attributes

      3. In the Configure Rule section, set the following:

      a) Claim rule name: write a descriptive name

      b) Attribute store: Active Directory

      c) Add the following mapping:

      i) LDAP Attribute: E-Mail-Address

      ii) Outgoing Claim Type: Name ID

      Adding the configuration rules

      4. Click Finish, and then OK to finalize settings.

      Finishing setting up the claim issuance policy for Flipsnack SSO

      This setup was tested with Windows Server 2019. Depending on your Windows version, you may have to adjust a few settings on your relying party trust (e.g. Secure hash algorithm to SHA-256, choosing POST for Binding in Endpoints, etc). If that is the case, please contact our support team, and we will try to help you with the proper setup.

      Configure SAML in Flipsnack

      1. Go to Flipsnack SSO settings.

      2. Enable SSO and the SAML protocol. The Login URL and Identifier must be copied from ADFS.

      3. Copy/paste the following:

      Login URL -> Identity Provider Single Sign-On URL

      https://example.com/adfs/ls/idpinitiatedSignOn.aspx

      Identifier -> Identity Provider Issuer.

      http://example.com/adfs/services/trust

      Important: Please use HTTP, not HTTPS, when adding the identifier. Otherwise, you will receive an "Invalid user" error message. 

      4. Click Save Changes. Now your integration between Flipsnack and ADFS SAML SSO is completed.

      Integration between Flipsnack and ADFS SAML SSO in Flipsnack

      Please contact our support team via live chat if you need help setting up ADFS SAML SSO with Flipsnack. They will be able to forward your request to our tech team.