1. Open the ADFS Management Console.
2. In the tree browser on the left, navigate to "Relying Party Trusts".
3. Click on "Add Relying Party Trust" (under the "Actions" pane on the right side of the console).
4. In the "Add Relying Party Trust Wizard" dialog, select "Claims aware", then click "Start".
5. Select "Enter data about the relying party manually" and click "Next".
6. Choose any "Display name" and click "Next".
7. You can skip over the certificate and click "Next".
8. Choose "Enable support for the SAML 2.0 WebSSO protocol" and in the URL textbox fill in: "https://{PLATFORM_URL}/artifactory/webapp/saml/loginResponse" and click "Next".
   (Example of {PLATFORM_URL}: https://yourcompany.jfrog.io/yourcompany or https://yourcompany.local:8443/artifactory)
9. In the "Relying party trust identifier" textbox fill in: "https://{PLATFORM_URL}" and click "Add", click "Next".
10. Choose "Permit everyone" and click "Next".
11. Click "Next".
12. Choose "Close".
13. In the "Edit Claim Issuance Policy" dialog, click on "Add Rule…"
14. In the "Claim rule template" drop-down list, choose "Send LDAP attributes as claims" and click "Next".
15. Fill in any "Claim rule name" and in the "Attribute store" drop-down list choose "Active Directory".
16. In the "Mapping of LDAP attributes…" section, under "LDAP attribute" choose "SAM-Account-Name" or "Email Address". In the "Outgoing claim type" drop-down list choose "Name ID" and click "Finish".
17. Add another rule, this time choose "Transform an incoming claim" and click "Next".
18. Fill in a name, set the "Incoming claim type" field to "E-Mail Address" and the "Outgoing claim type" field to "Name ID". Click "Finish".
    - You can change the "Incoming claim type" attribute to "Windows Account Name" if you want your Artifactory user name to be the Windows account name instead of your email address.
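
The same relying party trust can be created from PowerShell, which makes the configuration reviewable and repeatable. The script below is an added example, not part of the original procedure; it assumes AD FS on Windows Server 2016 or later and an elevated session on the primary AD FS server, and the display name and rule names are constructed placeholders.

```powershell
# Added example: scripted equivalent of wizard steps 3-18 above.
# Replace the placeholder before running; the display name is a constructed value.
$PlatformUrl = '<PLATFORM_URL>'        # host (and path, if any) without the scheme
$DisplayName = 'Artifactory SAML'      # step 6: any display name

# Step 8: SAML 2.0 WebSSO (assertion consumer) endpoint, HTTP POST binding.
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri "https://$PlatformUrl/artifactory/webapp/saml/loginResponse"

# Steps 14-18 in claim rule language.
# Rule 1 = "Send LDAP attributes as claims": SAM-Account-Name -> Name ID
#          (use ";mail;{0}" in the query to send the e-mail address instead).
# Rule 2 = "Transform an incoming claim": E-Mail Address -> Name ID.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP attribute to Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";sAMAccountName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

# Steps 9-10: trust identifier and the built-in "Permit everyone" access control policy.
Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -Identifier "https://$PlatformUrl" `
    -SamlEndpoint $acs `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $rules

# Review what was stored: identifier, endpoint, access policy and issued claims.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName,
                  @{ n = 'AcsUrl'; e = { $_.SamlEndpoints.Location } },
                  IssuanceTransformRules |
    Format-List
```

The final `Get-AdfsRelyingPartyTrust` output is worth keeping with the change record: it shows exactly which identifier, endpoint URL and Name ID source the trust will accept and issue.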