Setting up SSO with ADFS

hankej61751
edited 04/26/24 in Smartsheet Basics

Good Morning,

We are attempting to set up SSO with our ADFS environment and are running into issues.  Hoping someone might be able to help.  We are following the documentation found here: https://help.smartsheet.com/articles/2476141-configure-saml-sso

In our ADFS we added a new Relying Party trust and imported the data about the relying party from a file (right-clicked the XML link and saved the XML file).

We get the message that some of the content in the federation metadata was skipped because it is not supported by ADFS.  Review the properties of the trust carefully before you save the trust to the ADFS configuration database.

We then give the new Relying Party a name, choose to not do multi factor authentication, permit all users to access this party and then add the trust to our ADFS.

I then edit the claim rules and add an Issuance Transform Rule.  The attribute store is Active Directory.  In the LDAP mapping I create the first mapping with the LDAP Attribute E-Mail-Addresses, and this points to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent on the Outgoing Claim Type.

The second attribute on LDAP is also Email Addresses and this points to the E-Mail Address Outgoing claim.


We have given the provider our metadata information.  When we go to our URL smartsheet.xyz.com our ADFS page comes up, but when we attempt to log in we are getting the error "Single Sign-on failed due to missing or invalid parameters.  Please double check......"

I'm not sure what I am supposed to do.

Thank you for any help you might be able to provide.


Joe

Comments

  • Hello Joe - 

    I was also setting ADFS up last week and found your post when I was troubleshooting.  I basically did the exact same thing as you, just curious if you already found a solution?

    Thanks,

    Loren

  • Got some assistance from Smartsheet and the claims rule is a single rule:

    E-Mail-Addresses to E-Mail Address

    Given-Name to Given Name

    Surname to Surname

    User-Principal-Name to Name ID

    Things started working right away after I updated the rule to match this.

    (attached screenshot: adfs.JPG)
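The single LDAP-attribute rule Loren describes, written in the ADFS claim rule language and applied with the ADFS PowerShell module; this is an added example, not code from the thread or from Smartsheet's documentation, and the relying party trust name "Smartsheet" is an assumption.

```powershell
# Assumption: the relying party trust was created with the display name "Smartsheet".
$trustName = "Smartsheet"

# One issuance transform rule that maps four AD attributes to the claims the
# thread says Smartsheet expects:
#   mail              -> E-Mail Address
#   givenName         -> Given Name
#   sn                -> Surname
#   userPrincipalName -> Name ID
# Note the Name ID is sourced from the UPN, not from the mail attribute as in the
# original post, so the identifier Smartsheet receives is the stable account name.
$rule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Smartsheet attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail,givenName,sn,userPrincipalName;{0}",
          param = c.Value);
'@

# -IssuanceTransformRules replaces every existing issuance rule on the trust,
# which is what you want here: the earlier two-rule mapping should not remain.
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $rule

# Read the rule set back to confirm exactly one rule with the four claim types is in place.
(Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceTransformRules
```

If the trust was imported from metadata, the Name ID format advertised by Smartsheet is taken from that metadata; the rule above only supplies the value.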