Applies to BloodHound Enterprise and CE For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see SAML in BloodHound Enterprise. See SAML Order of Operations and Quick Reference before starting.

Create an Application

  1. In the AD FS management console, right-click on Relaying Party Trust and click “Add Relaying Party Trust”.
  1. Choose “Claims aware” and click “Start”.
  1. Insert the metadata URL based on your chosen name and click “Next.”
  1. Enter the preferred display name and click “Next.”
  1. Choose the desired Access Control Policy. (Note that access and permissions are configured within BloodHound Enterprise).
  1. Review the information presented and click “Next”.
  1. Leave the “Configure claims issuance policy for this application” box checked and click “Close”.

Complete SAML Integration Configuration

  1. On the “Edit Claim Issuance Policy” dialog box, click “Add Rule…”.
  1. Choose “Send LDAP Attributes as Claims” and click “Next.
  1. Fill out the following and click “Finish”. LDAP Attribute: E-Mail-Addresses Outgoing Claim Type : E-Mail Address
  1. Click “Add Rule” to add another claim rule.
  1. Choose “Transform and Incoming Claim” and click “Next”.
  1. Fill out the following and click “Finish”. Incoming claim type: E-Mail Address Outgoing claim type: Name ID Outgoing name ID format: Email Choose “Pass through all claim values”
  1. Click “Apply”.
  1. Download the metadata file provided by your ADFS environment. By default, this is hosted at: https://YOURDOMAIN/federationmetadata/2007-06/federationmetadata.xml
  2. Follow the instructions at SAML in BloodHound Enterprise to create the SAML provider in BloodHound Enterprise.