1. Censys
  2. Censys Search
  3. Censys Account Management

Other Articles In This Section

In this article:

Set Up Microsoft ADFS for Censys SAML Authentication

  • Updated

Follow this guide to enable SSO with Microsoft Active Directory Federation Services (ADFS) as your Identity Provider for Censys authentication.

  1. In the Server Manager, open the Tools menu and select the AD FS Management menu item.

  2. In the Actions panel on the right-hand, click on Add Relying Party Trust and click the Start button.

    add relying party trust

  3. On the Select Data Source step, elect to "Enter data about the relying party manually" and click Next.

    enter data manually

  4. On the Specify Display Name step, enter Censys as the display name and click Next.

    specify display name

  5. On the Choose Profile step, leave AD FS profile selected and click Next.

    choose adfs profile

  6. Leave the Configure Certificate step blank and click Next.

    encryption cert

  7. On the Configure URL step, select Enable support for the SAML 2.0 WebSSO protocol.

    configure url

    Paste the Metadata URL in the SP Details section of your Censys team’s authentication page into the text box under Relying party SML 2.0 SSO service URL.

    censys metadata url

    Click Next.

  8. On the Configure Identifiers step, enter https://censys.io/ as the Relying party trust identifier and click Add, then Next.

    configure entity id

  9. On the Configure Multi-Factor Authentication step, choose the option that fits your organization’s security setup and best practices.

    require mfa

  10. On the Choose Issuance Authorization Rules step, grant or deny blanket access to users as desired. Then click Next.

    choose issuance authorization

  11. On the Ready page, check that the configuration details are correct and accord with your organization’s security best practices and click Next.

  12. On the Finish page, leave the "Open the Edit Claim Rules" dialog checkbox selected and click Close.

    edit claim rules

  13. In the new Edit Claim Rules for Censys window, on the "Issuance Transform Rules" tab, click Add Rule in order to map attributes in ADFS to claims that Censys expects.

    add rule

  14. On the Select Rule Template step, under the Claim rule template dropdown, leave "Send LDAP Attributes as Claims" selected and click on Next.

    send ldap attributes

  15. On the Configure Claim Rule step, enter Censys Attributes as the Claim rule name.

    Select Active Directory from the dropdown menu under Attribute store.

    In the mapping table, map the LDAP Attribute "Given-Name" to the Outgoing Claim type FirstName and the LDAP Attribute "Surname" to Outgoing Claim type LastName. Click Finish.

    censys attributes

  16. Once again in the Edit Claim Rules for Censys window, on the "Issuance Transform Rules" tab, click Add Rule.

    add rule

  17. On the Select Rule Template step, under the Claim rule template dropdown, select "Transform an Incoming Claim" and click Next.

    transform incoming claim

  18. On the Configure Claim Rule step:

    1. Enter NameID as the Claim rule name.

    2. Select UPN as the Incoming claim type.

    3. Select Name ID as the Outgoing claim type.

    4. Enter Persistent Identifier as the Outgoing name ID format.

    5. Ensure that "Pass through all claim values" is selected.

    6. Click Finish.

      transform claim rule

  19. Back on the Edit Claim Rules for Censys window, click OK.

  20. Configure the ADFS server to decrypt Censys authentication requests with the correct signature.

    1. In the Censys web app, navigate to the authentication configuration page by opening the user dropdown menu in the top-right and selecting My Account. On the account page, click on the Team tab and select Authentication from the menu.

      censys account team auth menu

    2. In the SP Details section, copy the Authentication Request Signing Certificate.

    3. Create a new file on the ADFS server and paste the contents of the certificate in it. Name the file censys.cer.

    4. Back on the ADFS server, in the tree on the left of the AD FS window, expand Trust Relationships and click on Relying Party Trusts. Then double-click on the Censys relying party trust to edit it.

      edit censys

    5. Select the Signature tab and click Add. Select the censys.cer file just created and then click OK.

Related articles

Comments

0 comments

Please sign in to leave a comment.