ADFS (SAML): How to set up authentication.

We now support ADFS (Active Directory Federation Services), a single sign-on method used by many organisations, through our SAML support.

Setting up ADFS

Follow these steps to set up your ADFS instance with a new relying party trust, which handles the sign-in requests from our system:

  1. Set up a new Relying Party Trust using SP metadata as set out below. When asked for the metadata URL, you should use our Service Provider (SP) metadata URL:

    https://yoursystemaddress.roombookingsystem.co.uk/saml/module.php/saml/sp/metadata.php/yoursystemaddress.roombookingsystem.co.uk

    Please make sure to replace both instances of yoursystemaddress in the URL with your own system name - this is the part that comes before roombookingsystem.co.uk in the URL for SchoolCloud Room Booking.

    To set up the trust:

    Server 2012 R2 onwards:  https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust#to-create-a-claims-aware-relying-party-trust-using-federation-metadata

    Server 2008:  https://technet.microsoft.com/en-us/library/adfs2-help-how-to-add-a-relying-party-trust(v=ws.10).aspx


    NOTE: Servers that do not use TLS 1.2 by default will get an error when ADFS tries to download the metadata, because the metadata URL above is only served over TLS 1.2. You can find instructions on correcting this in the "Enabling Strong Authentication for .NET Applications" section of this article (the change needs a reboot to take effect):
    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enabling-strong-authentication-for-net-applications
  2. When you reach the Finish step, tick the "Open the edit claim rules dialog for this relying party trust when the wizard closes" box to start editing the rule once you're finished.
  3. Click Add Rule under the Issuance Transform Rules tab. When asked which template to use, select "Send LDAP Attributes as Claims". Set a name for the rule, then set the Attribute store to Active Directory. Under the attribute mapping section, set up the following:

     LDAP Attribute          Outgoing Claim Type
     Department              eduPersonAffiliation
     Given-Name              givenName
     E-Mail-Addresses        email
     SAM-Account-Name        eduPersonPrincipalName
     Surname                 sn

     NOTE: If you are running ADFS 2, you'll need to add one more claim here, so that the transform rule in step 4 has a UPN claim to work from:

     LDAP Attribute          Outgoing Claim Type
     User-Principal-Name     UPN

     The Outgoing Claim Types above are not in the drop-down list; that is expected. Type each one in exactly as shown, since our system matches on those names.

     Save the rule by clicking OK.

  4. Add another new rule, this time using the "Transform an Incoming Claim" template. Set a Claim rule name, set the Incoming claim type to UPN, the Outgoing claim type to Name ID and the Outgoing name ID format to Transient Identifier.
  5. You may want to add an Issuance Authorisation Rule to stop certain users (e.g. students) from signing in to Room Booking. By default the trust permits everyone who can authenticate to ADFS, so without such a rule every user in your directory can reach the login. You can find guides on authorisation rules below:
  6. Click OK to save the rule. This completes the setup on the ADFS side.
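The same six steps, done with the ADFS PowerShell cmdlets instead of the wizard, as an added example (this is not SchoolCloud's own script and not part of the original article). It also includes the registry change behind the TLS 1.2 note in step 1 and a pre-check that the SP metadata can be fetched. Assumptions: ADFS 3.0 or later (Server 2012 R2 onwards), run from an elevated PowerShell session on the primary ADFS server; 'yoursystemaddress', the trust name and the SCHOOL\Students group are placeholders to replace with your own values.

```powershell
# Added example, not SchoolCloud's script: steps 1 to 6 via the ADFS cmdlets.
Import-Module ADFS   # ADFS 2.0 on Server 2008 uses: Add-PSSnapin Microsoft.Adfs.PowerShell

$SystemAddress = 'yoursystemaddress'   # the part before roombookingsystem.co.uk (placeholder)
$StudentsGroup = 'SCHOOL\Students'     # hypothetical AD group to keep out of Room Booking
$LegacyAdfs2   = $false                # $true only on ADFS 2.0 (adds the extra UPN claim)
$TrustName     = 'SchoolCloud Room Booking'

$SpHost      = "$SystemAddress.roombookingsystem.co.uk"
$MetadataUrl = "https://$SpHost/saml/module.php/saml/sp/metadata.php/$SpHost"

function Enable-StrongCrypto {
    # The registry change from the linked Microsoft article ("Enabling Strong
    # Authentication for .NET Applications"): .NET, which ADFS uses to download
    # metadata, then negotiates TLS 1.2 by default. Reboot afterwards.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319') {
        New-ItemProperty -Path $key -Name SchUseStrongCrypto -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# Step 1 pre-check: the SP metadata is only served over TLS 1.2. If this request
# fails with a connection or handshake error, run Enable-StrongCrypto and reboot.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$spMeta = [xml](Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
"SP entityID from metadata: $($spMeta.EntityDescriptor.entityID)"

# Step 3: "Send LDAP Attributes as Claims". $attrs are the AD attributes, $types
# the outgoing claim types from the table above, in the same order.
$types = @('eduPersonAffiliation', 'givenName', 'email', 'eduPersonPrincipalName', 'sn')
$attrs = @('department', 'givenName', 'mail', 'sAMAccountName', 'sn')
if ($LegacyAdfs2) {   # ADFS 2 note: supply the UPN claim that step 4 transforms
    $types += 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
    $attrs += 'userPrincipalName'
}
$typeList = ($types | ForEach-Object { '"' + $_ + '"' }) -join ', '
$ldapRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Room Booking attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ($typeList), query = ";$($attrs -join ',');{0}", param = c.Value);
"@

# Step 4: "Transform an Incoming Claim": UPN -> Name ID, transient format.
$nameIdRule = @"
@RuleTemplate = "MapClaims"
@RuleName = "UPN to transient Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
"@

# Step 5: issuance authorisation rules. Deny members of the students group (a deny
# claim always wins over a permit), then permit everyone else who authenticated.
$studentsSid = (New-Object System.Security.Principal.NTAccount($StudentsGroup)).Translate([System.Security.Principal.SecurityIdentifier]).Value
$authzRules = @"
@RuleTemplate = "Authorization"
@RuleName = "Deny students"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)${studentsSid}`$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUsersWithClaim");

@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Steps 1, 2 and 6 in one call: create the trust from the SP metadata and attach the
# rules. Monitoring keeps the SP's certificate and endpoints current if they change.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataUrl $MetadataUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true `
    -IssuanceTransformRules ($ldapRule + "`n" + $nameIdRule) `
    -IssuanceAuthorizationRules $authzRules

# Check what ADFS stored; Identifier should equal the SP entityID printed above.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, IssuanceTransformRules, IssuanceAuthorizationRules | Format-List
```

The deny rule matches on the group's SID rather than its name, so renaming the group in AD does not silently re-admit students; resolve it once with the .NET `NTAccount` translation as shown rather than hard-coding a SID. On ADFS 2016 and later the trust must not have an access control policy assigned for `-IssuanceAuthorizationRules` to apply, which is the case for a trust created this way.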

Setting up Room Booking with ADFS Authentication

Once the rules have been created, you can set up the ADFS authentication method, which relies on our SAML support.

Log in to Room Booking as an admin and navigate to  Settings > System Settings > Authentication

Select SAML/ADFS Single Sign-on from the list of authentication methods, then paste your ADFS entity ID (usually of the form https://adfs.domain.co.uk/adfs/services/trust) and the URL of its federation metadata (usually of the form https://domain/federationmetadata/2007-06/federationmetadata.xml) into the two boxes. The entity ID must match the entityID attribute in that metadata exactly, including the http:// or https:// scheme, because our system identifies your ADFS server by that value when it validates sign-in responses.

Enable the  SAML Enabled and Enable SP Initiated Login options.

We recommend enabling Automatically Create New Users while you test sign-in, even if you don't intend to leave it on, so that your test user's account is created on first login. Bear in mind that with it on, every user that ADFS permits through the trust gets a Room Booking account on first sign-in, so pair it with the authorisation rule from step 5 if not everyone in your directory should have one. Once you've confirmed sign-in works, we generally recommend leaving it turned on.
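Before pasting values into the two boxes, it is worth reading them straight out of your ADFS federation metadata rather than guessing the usual form, as in this added example (not part of the original article). It prints the exact entity ID, confirms a single sign-on endpoint exists for SP-initiated login, and warns if the IdP signing certificate is close to expiry. It assumes adfs.domain.co.uk is your ADFS host (placeholder) and that the metadata URL is reachable over HTTPS from where you run it.

```powershell
# Added example, not SchoolCloud's script: read the values for the Room Booking
# authentication settings from the ADFS federation metadata itself.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$AdfsHost    = 'adfs.domain.co.uk'   # placeholder: your ADFS federation service host
$MetadataUrl = "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml"

$md  = [xml](Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
$idp = $md.EntityDescriptor.IDPSSODescriptor

# Paste these two values; note ADFS's default identifier uses http://, not https://.
"Entity ID   : $($md.EntityDescriptor.entityID)"
"Metadata URL: $MetadataUrl"

# SP-initiated login needs a SingleSignOnService endpoint (HTTP-Redirect or HTTP-POST).
if (-not $idp.SingleSignOnService) { Write-Warning 'No SingleSignOnService endpoint published.' }
$idp.SingleSignOnService | ForEach-Object { "SSO endpoint: $($_.Binding) -> $($_.Location)" }

# Room Booking checks assertion signatures against the signing certificate in this
# metadata; an expired certificate breaks sign-in for everyone at once.
$signing = $idp.KeyDescriptor | Where-Object { $_.use -eq 'signing' }
foreach ($k in $signing) {
    $raw  = [Convert]::FromBase64String(($k.KeyInfo.X509Data.X509Certificate -replace '\s', ''))
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)
    "Signing cert: $($cert.Subject) thumbprint $($cert.Thumbprint) expires $($cert.NotAfter)"
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning 'Signing certificate expires within 30 days; plan a metadata refresh in Room Booking.'
    }
}
```

ADFS publishes two signing certificates while a token-signing certificate rollover is in progress, so the loop may print both; the warning only matters if the one ADFS is currently using is the expiring one, which you can confirm with Get-AdfsCertificate -CertificateType Token-Signing on the ADFS server.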
