MicroStrategy ONE

Configuring ADFS on a Server

To use ADFS as your service provider, you must configure an instance on a server using the ADFS administration tool.

The following steps contain only the information required to configure or use Microsoft ADFS with MicroStrategy Identity. See Microsoft's documentation for the latest information.

An SSL certificate that is signed by a third party must be installed on the ADFS server.

To Configure the ADFS Server

  1. Create a role-based or feature-based installation.
  2. Select your ADFS server.
  3. Select the following roles:
    • Active Directory Federation Services
      • Federation Services
    • File and Storage Services
      • Storage Services
    • Web Server (IIS)
      • Web Server
      • Management Tools
        • IIS Management Console
  4. Select the following features:
    • .NET Framework 3.5 Features
      • .NET Framework 3.5
    • .NET Framework 4.5 Features
      • .NET Framework 4.5
      • ASP.NET 4.5
      • WCF Services
  5. To create a federation service, select a stand-alone federation server.
  6. Select your federation service name. The federation name is read from the Subject field of the SSL certificate installed on the server. To add a trusted relying party, manually enter data about the relying party.
  7. Enter the display name for the relying party.
  8. Create an ADFS profile.
  9. Enable support for the WS-Federation Passive protocol.
  10. For the relying party's WS-Federation Passive protocol URL, enter the URL to your Microsoft SharePoint web application and add /_trust at the end. For example, enter https://www.example.com/_trust.
  11. To choose the issuance authorization rules, permit all users to access the relying party.
  12. To edit the claim rules, add a new rule.
    1. Select Send LDAP Attributes as Claims as the claim rule template.
    2. Enter Active Directory as the Claim Rule Name.
    3. Select Active Directory as the attribute store.
    4. Select E-Mail Addresses as an LDAP attribute, and then select Email Address as the corresponding Outgoing Claim Type.
    5. Select Token-Groups - Unqualified Names as an LDAP attribute, and then select Role as the corresponding Outgoing Claim Type.
  13. To copy the ADFS certificate, in ADFS, view the details of the token-signing certificate.
  14. Copy the certificate to file and make sure to save the certificate as a DER Encoded Binary X.509 (*.cer) file.
  15. Copy the certificate file to the certificate folder on your Microsoft SharePoint or Microsoft Exchange server.

    The default certificate folder is C:\certs\.
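
Steps 6 through 15 above can also be scripted with the ADFS PowerShell module, which makes the claim rules and the certificate encoding easy to review and verify. This is an added example, not part of the MicroStrategy or Microsoft documentation; the relying party name, the identifier URN and the output file name are assumed placeholders.

```powershell
# Added example: scripted equivalent of steps 6-15, run on the ADFS server.
# Assumed placeholders (not from the page): $rpName, $rpId and the file name in $cerPath.
Import-Module ADFS

$rpName  = 'SharePoint (example)'              # step 7: display name
$rpId    = 'urn:sharepoint:example'            # assumed relying party identifier
$wsFed   = 'https://www.example.com/_trust'    # step 10: example URL from the page
$cerPath = 'C:\certs\adfs-token-signing.cer'   # default certificate folder from the page

# Step 11: issuance authorization rule that permits all users.
$authRules = @'
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 12: rule produced by the "Send LDAP Attributes as Claims" template for
# E-Mail-Addresses -> E-Mail Address and Token-Groups - Unqualified Names -> Role.
$transformRules = @'
@RuleName = "Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
          query = ";mail,tokenGroups;{0}", param = c.Value);
'@

# Steps 6-10: relying party trust with a WS-Federation Passive endpoint.
Add-AdfsRelyingPartyTrust -Name $rpName -Identifier $rpId -WSFedEndpoint $wsFed `
    -IssuanceAuthorizationRules $authRules -IssuanceTransformRules $transformRules

# Steps 13-14: export the primary token-signing certificate (public part only) as DER.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$der = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($cerPath, $der)

# Check the encoding: DER begins with an ASN.1 SEQUENCE tag (0x30),
# while a Base-64 encoded export begins with '-' (0x2D).
$bytes = [System.IO.File]::ReadAllBytes($cerPath)
if ($bytes[0] -ne 0x30) { throw "$cerPath is not DER encoded" }

# Print thumbprint and expiry so the copy placed on the SharePoint or
# Exchange server (step 15) can be compared against the ADFS original.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
'{0}  expires {1:u}  subject {2}' -f $check.Thumbprint, $check.NotAfter, $check.Subject
```

Comparing the printed thumbprint with the token-signing certificate shown in the ADFS console confirms that the file copied in step 15 is the certificate ADFS actually signs with.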

Related Topics

Specifying Active Directory Federation Services (ADFS) as Your Service Provider

Importing Your MicroStrategy Identity Server Data into ADFS

Configuring SharePoint to Work with ADFS

Configuring Exchange to Work with ADFS