
Setting up the relying party

Updated on October 19, 2022

These instructions explain how to connect to the server that hosts AD FS version 2.0.

  1. Start the Microsoft Windows AD FS 2.0 Management program. You can find this program in this folder: C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.msc
  2. Select Trust Relationships > Relying Party Trusts.
  3. Click Add Relying Party Trust.
  4. Click Start and follow the wizard.
  5. Select the Enter data about the relying party manually option and click Next.
  6. Enter a display name for the trust entry that represents Pega Robot Manager. Then click Next.
  7. Select the AD FS 2.0 profile, and click Next.
  8. On the AD FS Relying Party Trust wizard, click Browse and select the saved certificate. Then click Next.
  9. On the Configure URL panel, click Next.
  10. Enter the URL for Pega Robot Manager, including the environment and tenant name, into the Relying party trust identifier field and click Add, then Next. Here is an example: https://server.pega.com/prweb
  11. Click Next to go to the Choose Issuance Authorization Rules and Ready to Add Trust panels.
  12. Select the option to Open the Edit Claim Rules dialog, and click Close.
    You can also right-click the new relying party trust entry and click Edit Claim Rules.
  13. On the Issuance Transform Rules tab, click Add Rule.
  14. Select the Send LDAP Attributes as Claims claim rule template, and click Next.
  15. Enter a name for the claim rule, such as Email or User Principal Name or Dual.
  16. Select the Active Directory attribute store.
  17. Select the LDAP attribute for your claim rule type, such as E-Mail-Addresses or User-Principal-Name.
  18. Select the matching outgoing claim type, such as AD FS 1.x E-mail Address or AD FS 1.x UPN.
    Note: You can add a second row for the other claim type to support divergent sets of users where some have an email value and others have UPN (in AD or imported into Pega Robot Manager).
  19. Click Finish, then click OK.
    Result: You have now set up the relying party. Next, make sure that the connection is trusted.
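
To review what the wizard created, the following PowerShell check reads the trust back and reports which claim types it releases. It is an added example, not part of the original Pega documentation; the display name and identifier are placeholders for the values entered in steps 6 and 10, and the two claim type URIs are the ones AD FS uses for the AD FS 1.x E-mail Address and AD FS 1.x UPN claim types.

```powershell
# Added example: audit the relying party trust after completing the wizard.
# Placeholders: replace with the display name (step 6) and identifier (step 10).
$TrustName          = 'Pega Robot Manager'
$ExpectedIdentifier = 'https://server.pega.com/prweb'

# Claim types this procedure is meant to release (steps 17-18).
# Confirm against "View Rule Language" in the Edit Claim Rules dialog.
$AllowedTypes = @(
    'http://schemas.xmlsoap.org/claims/EmailAddress',  # AD FS 1.x E-mail Address
    'http://schemas.xmlsoap.org/claims/UPN'            # AD FS 1.x UPN
)

# AD FS 2.0 ships its cmdlets as a snap-in rather than a module.
if (-not (Get-PSSnapin -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

$rp = Get-ADFSRelyingPartyTrust -Name $TrustName
if (-not $rp) { throw "No relying party trust named '$TrustName' was found." }

$findings = @()
if ($rp.Identifier -notcontains $ExpectedIdentifier) {
    $findings += "Expected identifier not present. Found: $($rp.Identifier -join ', ')"
}
if (-not $rp.Enabled) { $findings += 'The trust exists but is disabled.' }

# Collect every claim type named in a "types = (...)" clause of the transform rules.
$rules  = [string]$rp.IssuanceTransformRules
$issued = @()
foreach ($m in [regex]::Matches($rules, 'types\s*=\s*\(([^)]*)\)')) {
    foreach ($q in [regex]::Matches($m.Groups[1].Value, '"([^"]+)"')) {
        $issued += $q.Groups[1].Value
    }
}
$issued = @($issued | Select-Object -Unique)

if (-not ($issued | Where-Object { $AllowedTypes -contains $_ })) {
    $findings += 'No rule issues an AD FS 1.x E-mail Address or UPN claim.'
}
# Anything beyond the two expected types is released to the relying party as well.
foreach ($t in ($issued | Where-Object { $AllowedTypes -notcontains $_ })) {
    $findings += "Additional claim type released: $t"
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Trust '$TrustName' matches the expected identifier and claim types." }
```

Run it in an elevated PowerShell session on the AD FS server; it only reads configuration and changes nothing.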
