Setting up the relying party
These instructions explain how to connect to the server that hosts AD FS version 2.0.
- Start the Microsoft Windows AD FS 2.0 Management program. You can find this
program in this folder:
C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.msc
- Select Trust Relationships > Relying Party Trusts.
- Click Add Relying Party Trust.
- Click Start and follow the wizard.
- Select the Enter data about the relying party manually option and click Next.
- Enter a display name for the trust entry that represents Pega Robot Manager. Then click Next.
- Select the AD FS 2.0 profile, and click Next.
- On the AD FS Relying Party Trust wizard, click Browse and select the saved certificate. Then click Next.
- On the Configure URL panel, click Next.
- Enter the URL for Pega Robot Manager, including the environment and tenant
name, into the Relying party trust identifier field and
click Add, then Next. Here is an
- Click Next to go to the Choose Issuance Authorization Rules and Ready to Add Trust panels.
- Select the option to Open the Edit Claim Rules dialog,
and click Close.You can also right-click the new relying trust party entry and click Edit Claim Rules.
- On the Issuance Transform Rules tab, click Add Rule.
- Select the Send LDAP Attributes as Claims claim rule template, and click Next.
- Enter a name for the claim rule, such as Email or User Principal Name or Dual.
- Select the Active Directory attribute store.
- Select the LDAP attribute for your claim rule type, such as E-Mail-Addresses or User-Principal-Name.
- Select the matching outgoing claim type, such as AD FS 1.x E-mail
Address or AD FS 1.x UPN.
Note: You can add a second row for the other claim type to support divergent sets of users where some have an email value and others have UPN (in AD or imported into Pega Robot Manager).
- Click Finish, then click
Result: You have now set up the relying part. Next, make sure that the connection is trusted. Previous topic Setting up a relying party in AD FS Next topic Ensuring that the connection is trusted