AD FS Management SSO

Open your AD FS Management Tool. 

Configure Relying Party Trust.

1. Click on Relying Party Trusts and then click on Add Relying Party Trust from Actions. Click Start to configure.
2. From Select Data Source, choose Enter data about the relying party manually option and click Next. 
3. From Specify Display Name, enter a Display name and click Next.
4. From Configure Certificate, leave as it is and click Next.
5. From Configure URL:
   1. Select Enable support for the SAML 2.0 Web SSO protocol
   2. For Relying party SAML 2.0 SSO service URL, paste your AlertOps domain URL. 
      • https://app.alertops.com/yourorg
      • Replace "yourorg" with your respective AlertOps domain/account.
6. From Configure Identifiers:
   1. For Relying party trust identifier, paste your AlertOps domain URL and then click the Add button.
      •  https://app.alertops.com/yourorg
      • Please replace "yourorg" with your respective AlertOps domain/account.
      • Then click Next. 
7. From Choose Access Control Policy, Permit everyone and leave as it is then click Next.
8.  From Ready to Add Trust, review your settings and click Next.
9. Finish. On successful message click Close.

Configure Claims Issuance Policy

1. Go to Relying Party Trusts and right click on the trust you just created and click Edit Claim Issuance Policy.
2. In the Issuance Transform Rules dialog, click Add Rule.
3. From the Select Rule Template screen,  select Send LDAP Attributes as Claims as Claim rule template and click Next.
4. From the Configure Rule screen:
   1. Give a Claim rule name. 
   2. Select Active Directory from Attribute Store. 
   3. Under Mapping select E-mail Address on both LDAP Attribute and Outgoing Claim type
   4. Click Finish.
5. Once the first rule is completed, click Add Rule again.
6. From the Select Rule Template screen, select Transform an Incoming Claim as Claim rule template and click Next.
7. Configure Rule:
   1.  Give a Claim rule name.
   2. Select E-Mail Address as Incoming claim type.
   3. Select Name ID as Outgoing claim type. 
   4. Select Email as Outgoing name ID format.
   5. Choose Pass through all claim values.
   6.  Click OK.
8. Click Apply and OK. Please note that the order of these Rules is important.

Get the Certificate

1. Go to Certificates in Service, right click on the Token-signing certificate and click View Certificate.
2. Click Copy to File and click OK.
3. Choose Base-64 encoded x.509 (.CER) and click Next.
4. Browse the desired location and click Next.
5. You should see the successful export of the certificate and click Finish.

SSO configuration in AlertOps

1. Go to Account Settings in Alertops and then click Update SSO. 
2. Enable Use Single Sign-On (SSO), then edit the following settings:
   1. Issuer URL:  https://app.alertops.com/yourorg (replace "yourorg" with your AlertOps domain)
   2. SAML endpoint URL: AD FS URL 
      • https://ADFSaccount.com/adfs/ls  
      • (ADFSaccount.com is SAML 2.0/W-Federation' URL in the ADFS Endpoints)
   3. SAML Signature Algorithm: SHA256
   4. X 509 Certificate: copy/paste the certificate you downloaded previously