Applies to BloodHound Enterprise and CE
See SAML in BloodHound for order of operations, general SAML setup, and user configuration in BloodHound.

Create an Application

  1. In the AD FS management console, right-click on “Relying Party Trusts” and click “Add Relying Party Trust…”.
  2. Choose “Claims aware” and click “Start”.
  3. Enter the BloodHound SAML metadata URL for the provider name you chose and click “Next”.
  4. Enter the preferred display name and click “Next”.
  5. Choose the desired Access Control Policy. (Note that access and permissions within BloodHound are configured in BloodHound Enterprise, not in AD FS.)
  6. Review the information presented and click “Next”.
  7. Leave the “Configure claims issuance policy for this application” box checked and click “Close”.

Complete SAML Integration Configuration

  1. On the “Edit Claim Issuance Policy” dialog box, click “Add Rule…”.
  2. Choose “Send LDAP Attributes as Claims” and click “Next”.
  3. Fill out the following and click “Finish”:
     - LDAP Attribute: E-Mail-Addresses
     - Outgoing Claim Type: E-Mail Address
  4. Click “Add Rule…” to add another claim rule.
  5. Choose “Transform an Incoming Claim” and click “Next”.
  6. Fill out the following and click “Finish”:
     - Incoming claim type: E-Mail Address
     - Outgoing claim type: Name ID
     - Outgoing name ID format: Email
     - Choose “Pass through all claim values”
  7. Click “Apply”.
  8. Download the federation metadata file provided by your AD FS environment. By default, this is hosted at: https://YOURDOMAIN/federationmetadata/2007-06/federationmetadata.xml
  9. Follow the instructions at SAML in BloodHound Enterprise to create the SAML provider in BloodHound Enterprise.
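The console steps above can also be performed and verified from PowerShell on the AD FS server, which is useful for repeatable builds and for checking what the wizard actually produced. The script below is an added example and is not part of the BloodHound documentation or the BloodHound project; the BloodHound metadata URL, the AD FS hostname and the trust name are placeholders you must replace, it assumes the ADFS PowerShell module is available, and the “Permit everyone” access control policy is the AD FS built-in chosen here only as an example.

```powershell
# Added example, not from the BloodHound docs: scripted equivalent of the AD FS console steps above.
# PLACEHOLDERS (assumptions): replace $BloodHoundMetadataUrl with the SAML metadata URL BloodHound shows
# for the provider name you chose, and $AdfsHost with your AD FS federation service hostname (YOURDOMAIN).
Import-Module ADFS

$BloodHoundMetadataUrl = 'https://BLOODHOUND-HOST/PLACEHOLDER-BLOODHOUND-METADATA-URL'  # placeholder
$AdfsHost              = 'adfs.example.test'                                            # placeholder
$TrustName             = 'BloodHound Enterprise'

# Claim rules in AD FS claim rule language. These are the rules the console wizard generates for
# "Send LDAP Attributes as Claims" (E-Mail-Addresses -> E-Mail Address) and for
# "Transform an Incoming Claim" (E-Mail Address -> Name ID, format Email, pass through all values).
$IssuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "BloodHound - email from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "BloodHound - email to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Create the claims-aware relying party trust from BloodHound's metadata (identifier and ACS endpoint are
# imported from it), attach the claim rules, and pick an access control policy. "Permit everyone" is the
# AD FS built-in used here as an example; BloodHound roles are still assigned inside BloodHound.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataUrl $BloodHoundMetadataUrl `
    -IssuanceTransformRules $IssuanceRules `
    -AccessControlPolicyName 'Permit everyone'

# Verify the trust exists, imported its identifier and endpoints, and emits both claims.
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rp) { throw "Relying party trust '$TrustName' was not created." }
"Identifier(s): $($rp.Identifier -join ', ')"
"SAML endpoints: $($rp.SamlEndpoints.Location -join ', ')"
foreach ($claimType in 'emailaddress', 'nameidentifier') {
    if ($rp.IssuanceTransformRules -notmatch $claimType) {
        throw "Issuance rules for '$TrustName' do not emit the $claimType claim."
    }
}

# Fetch the AD FS federation metadata that BloodHound needs (the same file the console step downloads)
# and confirm it carries an entityID and at least one token-signing certificate.
$metadataPath = Join-Path $env:TEMP 'federationmetadata.xml'
Invoke-WebRequest -Uri "https://$AdfsHost/federationmetadata/2007-06/federationmetadata.xml" `
    -OutFile $metadataPath -UseBasicParsing
[xml]$md = Get-Content -Path $metadataPath -Raw
$signingKeys = @($md.EntityDescriptor.IDPSSODescriptor.KeyDescriptor | Where-Object { $_.use -eq 'signing' })
if ($signingKeys.Count -lt 1) { throw "No signing certificate found in AD FS metadata." }
"AD FS entityID: $($md.EntityDescriptor.entityID)"
"Signing certificates in metadata: $($signingKeys.Count)"
"Upload $metadataPath to BloodHound when creating the SAML provider."
```

Run this in an elevated PowerShell session on the AD FS server. If the trust already exists, use `Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $IssuanceRules` instead of `Add-AdfsRelyingPartyTrust`; the verification and metadata steps are unchanged.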