Single Sign-On is only available in our Plus and Enterprise Network plans.

MURAL supports a Single Sign-On Integration with your Active Directory Federation Services (ADFS) server to manage the authentication flow of your members.

Step 1 - Create a new relying party trust

1. Sign-in to ADFS Server

2. Open the ADFS management console. In the left menu, open the Trust Relationships folder and select Relying Party Trust.

3. From the right menu, click on Add Relying Party Trust to open up the wizard and configure the new application.

4. In the Select Data Source step, select Import data about the relying party from a file.

5. Upload MURAL's metadata file. If you are in an Enterprise Network plan, you can download the metadata file from your Company Dashboard. If you're on a Plus plan, you can download it from the following link.

Step 2 - Configure Claim Rules

1. Create a new rule by clicking on Add Rule

2. Set the Claim rule template as Send LDAP Attributes as Claims and click Next

3. Enter a name for the new rule, set the Attribute store to Active Directory and configure the following mappings:

4. Next, click again in Add Rule to transform an incoming claim

5. Set the Claim rule template as Transform an Incoming Claim and move to the next step of the wizard.

6. Enter a name for the new rule and set the Incoming claim type as E-mail Address, Outgoing claim type as Name ID and Outgoing name ID format as Email. In addition, you should select Pass through all claim values option and then click OK to save the configuration.

Now, your ADFS Identity Provider (IDP) is ready to go. In order to finish the complete integration, you will need to download the IDP Metadata file to configure MURAL.

If you have a Plus plan, please send an email to support@mural.co attaching the metadata file.

If you have an Enterprise Network plan, you will be able to import the metadata file through the Self-Serve Single Sign-On feature in the company dashboard. If you configure the Outgoing Claim Types with the default values described above you should configure the Claim mappings in MURAL with the following values:

  • Email Address http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  • First Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Last Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

If you typed a custom name for the Outgoing Claim Types, you should type the same name you entered in ADFS.

Did this answer your question?