
Step 3b – Add the Secure Access Service Provider Metadata to AD FS

Add the Secure Access service provider metadata to your instance of AD FS, then download the IdP metadata file to finish configuring Secure Access in the next step.

Contact Microsoft for assistance. For more information on configuring your IdP, exporting your IdP metadata, obtaining your IdP details, or downloading your IdP's signing certificate, refer to your vendor's documentation.

  1. Log into AD FS and navigate to Server Manager > Tools > AD FS Management.

  2. In the AD FS Manager, right-click on Trust Relationships and navigate to Relying Party Trusts > Add Relying Party Trust and select Start.

  3. Choose Import data about the relying party from a file and browse for the metadata.xml file downloaded from Secure Access.

  4. For Display name, provide a meaningful name for the trust connection, and then click Next.

  5. Select I do not want to configure multi-factor authentication settings for this relying party trust at this time and click Next.

  6. Select Permit all users to access relying party and click Next.

  7. Verify settings and click Next.

  8. Right-click on the recently created relying party and select Edit Claim Rules.

  9. Under Issuance Transform Rules, click Add Rule, then choose Send Claims Using a Custom Rule with the following configuration:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]

    => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName;{0}", param = c.Value);

  10. Repeat the previous step with the following configuration.

    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]

    => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

  11. Download the AD FS metadata XML file and save the file on your local system.
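The same relying party trust, built with the AD FS PowerShell module instead of the AD FS Management console, as an added example that is not part of the Secure Access documentation. It assumes the script runs on the AD FS server as an AD FS administrator; the metadata path `C:\temp\metadata.xml`, the output path `C:\temp\adfs-metadata.xml` and the display name `Secure Access` are placeholders. The two transform rules are the ones from steps 9 and 10; the authorization rule is the claim-rule form of "Permit all users" from step 6.

```powershell
# Added example (not from the Secure Access documentation): create the
# Secure Access relying party trust in AD FS with the ADFS module.
# Assumptions: run on the AD FS server as an AD FS administrator; the paths
# and the display name below are placeholders.
Import-Module ADFS

$metadataFile = 'C:\temp\metadata.xml'   # placeholder: SP metadata downloaded from Secure Access (step 3)
$trustName    = 'Secure Access'          # placeholder: display name for the trust (step 4)

# Steps 9 and 10: the two issuance transform rules from the procedure.
$transformRules = @'
@RuleName = "Look up email address from userPrincipalName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleName = "Emit email address as SAML NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 6: "Permit all users to access relying party" as an issuance authorization rule.
$authorizationRules = @'
@RuleName = "Permit all users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 3: import the SP metadata (entity ID, ACS endpoint, SP certificate) and create the trust
# with both rule sets attached in one call.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataFile $metadataFile `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules

# Step 7: verify what was created before handing the IdP metadata to Secure Access.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, IssuanceTransformRules, IssuanceAuthorizationRules

# Step 11: save the AD FS (IdP) metadata from the federation service's own endpoint.
$adfsFqdn = (Get-AdfsProperties).HostName
Invoke-WebRequest -Uri "https://$adfsFqdn/FederationMetadata/2007-06/FederationMetadata.xml" `
    -OutFile 'C:\temp\adfs-metadata.xml'
```

The `Get-AdfsRelyingPartyTrust` output is worth reading once: `Identifier` should match the entity ID in the Secure Access metadata, and the two transform rules should appear exactly as entered, since a NameID with the wrong format or a missing email claim is the usual cause of a failed sign-in. The authorization rule reproduces step 6; if your deployment needs to limit who can reach Secure Access, replace it with a rule conditioned on a group claim rather than the unconditional permit.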