Add relying party trust
Once ADFS is ready, add a new relying party trust to the ADFS service.
On ADFS Management, Click "Add Relying Party Trust"
Select "Claims aware" on the wizard popup, and click "Next"
Select "Enter data about the relying party manually" and click “Next”
Input "www.securedsigning.com" in the "Display name" and click “Next”
Browse to your certificate to import certificate and click “Next”
Enable both WS-Federation Passive protocol and SAML 2.0 WebSSO protocol. For both protocols input
https://www.securedsigning.com/ADFS/Account/LoginCallbackAdfs
as endpoints and click “Next”
Input https://www.securedsigning.com/ADFS/Account/LoginCallbackAdfs
as identifiers and click “Next”
Please notice that the rely party identifier is case sensitive. Please input the exact value.
Select the “Permit all users to access this relying party” option and click “Next”
Select new added Relying party trust "www.securedsigning.com", click “Edit Claim Issuance Policy...”
click “Add Rule...”
In the popup wizard, select “Send LDAP Attributes as Claims” and click “Next”
Input the rule name, select “Active Directory” as the Attribute store and select the LDAP attributes below:
E-Mail-Address -> E-Mail Address
Surname -> Surname
Given-Name -> Given Name
User-Principal-Name -> Windows account Name
In the ADFS 2.0 console, run “Add Relying Party Trust” wizard.
Click “Start”, select “Enter data about the relying party manually” option and click “Next”.
Enter a display name and click “Next”
Select “ADFS 2.0 profile” options and click “Next”
You can Ignore the encryption certificate, so just click “Next”
Enable both WS-Federation Passive protocol and SAML 2.0 WebSSO protocol. For both protocols input
https://www.securedsigning.com/ADFS/Account/LoginCallbackAdfs
as endpoints and click “Next”
Input https://www.securedsigning.com/ADFS/Account/LoginCallbackAdfs
as identifiers and click “Next”
Please notice that the rely party identifier is case sensitive. Please input the exact value.
Select the “Permit all users to access this relying party” option and click “Next”
In the popup claim rule window, add a new “Transform Claim Rule”
In the popup wizard, select “Send LDAP Attributes as Claims” and click “Next”
Input the rule name, select “Active Directory” as the Attribute store and select the LDAP attributes below:
E-Mail-Address -> E-Mail Address
Surname -> Surname
Given-Name -> Given Name
User-Principal-Name -> Windows account Name
Setup Single Sign On with ADFS in your Secured Signing Membership
You need an enterprise account to integrate secured signing with your own ADFS server.
Login to the Enterprise Portal and go to "Memberships".
Select the membership that requires single sign on with ADFS. In the "Single Sign On" tab. Enable Single Sign On and input your "Federation Metadata Address".

Click "Users Setup" button. This will open the Accounts management page where you can manage your accounts to use ADFS integration. All accounts under this membership must login with ADFS. Users will no longer be able to authenticate using a username and password to access Secured Signing.
Select an account from the account list, input the "User Domain Name Login (ADFS)" and save. This Single Sign On input option is visible only when the "Single Sign On" has been enabled for the membership.

The User Domain Name Login should be in the format ‘Domain\Windows Account’. This should be the "User logon name (pre-Windows 2000)" property from Active Directory User properties.
The "User Domain Name Login" is case insensitive. It should not be duplicated (use same domain name for different accounts) in one membership.

You need to setup all accounts for ADFS login.
Activate user account
Once user account created, the user will receive an activation email, click "Click to Activate" button in the email. Then in the activation page, click "Activate" button.

Join an Existing Secured Signing Account to a Membership with Single Sign On enabled
For an existing user, he/she can join a membership by adding the membership code to the "My Account" -> "My Details" page

If this membership is configured to use Single Sign On with ADFS, the user will need to enter tjheir User Domain Name Login and click "OK" to join the membership.

Initial Login with Single Sign On (ADFS)
Once single sign on is enabled, the first time each user accesses Secured Signing they will need to input their email to login. A password is not required.

The system will check if Single Sign On is enabled for this user. If so, it will redirect to your ADFS server website. Then the user input his/her windows logon credential to login with your ADFS server. The user can check the option to "Remember my email" to login with ADFS next time.

Once the user has logged in with ADFS successfully, the user will be redirected to Secured Signing. On subsequent logins, the user's domain name will be remembered. Click "Log in with ADFS" the user will be logged in to Secured Signing using the domain name to login.
Please notice that, with this option, you should logon to windows with your own account to login with ADFS. Otherwise, you may see an error saying "Cannot login, use your own computer to retry or contact your administrator.".
