Commit 136629e

add suggestions (#991)
1 parent ea0095e commit 136629e

1 file changed

+15
-7
lines changed

guides/admin/oidc-adfs.md

@@ -43,22 +43,28 @@ Services and obtain the information you need to provide to Coder.
4343
`https://coder.your-domain.com/oidc/callback`) and click **Add**. Then, click
4444
**Next** to proceed.
4545

46+
![Configure Web API](../../assets/guides/admin/adfs-3.png)
47+
4648
1. In the next screen, titled **Configure Application Credentials**, click the
4749
**Generate a shared secret** checkbox. Note the **Secret** value that
4850
appears, since you'll need to provide this to Coder at a later step. Click
4951
**Next** to proceed.
50-
![Configure Application Credentials](../../assets/guides/admin/adfs-3.png)
52+
53+
![Configure Application Credentials](../../assets/guides/admin/adfs-4.png)
5154

5255
1. In the next step, **Configure Web API**, enter the **Client identifier** that
5356
you saved in step 4 in the field called **Identified** and click **Add**.
5457
Click **Next** to proceed.
5558

56-
![Configure Web API](../../assets/guides/admin/adfs-4.png)
59+
![Configure Web API](../../assets/guides/admin/adfs-5.png)
5760

5861
1. On the **Choose Access Control Policy** screen, choose your preferred access
5962
control policy, and click **Next** to proceed.
6063

61-
![Choose Access Control Policy](../../assets/guides/admin/adfs-5.png)
64+
In the example below, we permit members of a specific group `coder-users` to
65+
access Coder.
66+
67+
![Choose Access Control Policy](../../assets/guides/admin/adfs-6.png)
6268

6369
1. For the step **Configure Application Permissions**, select the following
6470
**Permitted scopes**:
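
Review bot: The screenshot added at new line 46 carries the alt text "Configure Web API", but it follows the redirect URI step, and the same alt text is used again at new line 59 for adfs-5.png, which belongs to the actual **Configure Web API** step. Give the image at line 46 an alt text that names the screen it shows, so the two stay distinguishable for screen readers and when an image fails to load. In the text added at lines 64-65, consider naming the access control policy option that was selected to restrict access to the `coder-users` group, since the step itself only says "choose your preferred access control policy". The unchanged line 56 refers to a field called **Identified**, which looks like a typo and is worth checking against the wizard while this list is being edited.
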
@@ -70,13 +76,11 @@ Services and obtain the information you need to provide to Coder.
7076

7177
Click **Next** to proceed.
7278

73-
![Configure Application Permissions](../../assets/guides/admin/adfs-6.png)
79+
![Configure Application Permissions](../../assets/guides/admin/adfs-7.png)
7480

7581
1. Finally, in the **Summary** window, review the information you've provided.
7682
Click **Next** when you're ready to proceed and close the setup wizard.
7783

78-
![Review summary](../../assets/guides/admin/adfs-7.png)
79-
8084
## Step 2: Modify the claim rules
8185

8286
In this step, you'll ensure that the access tokens sent by ADFS include the
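
Review bot: New line 79 points the **Configure Application Permissions** step at adfs-7.png, the same file the removed line 78 used for the **Review summary** screenshot, and this commit changes only guides/admin/oidc-adfs.md. Unless the PNG assets were renumbered in a separate change, this step (and the shifted adfs-3 through adfs-6 references in the previous hunk) will render the wrong screen, so please confirm the asset files match the new numbering or include them in this change. The **Summary** step also loses its screenshot with no replacement; say in the commit message if that is intentional.
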
@@ -101,7 +105,11 @@ following
101105

102106
1. Enter a name for the claim rule.
103107

104-
1. In the **Custom Rule** field, enter the following:
108+
1. In the **Custom Rule** field, enter a claim rule written in the
109+
[ADFS Claim Rule Language](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/the-role-of-the-claim-rule-language).
110+
111+
The following example claim rule maps the Active Directory attributes
112+
`userPrincipalName` and `displayName` as `email` and `name`, respectively:
105113

106114
```text
107115
c:[Type ==
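
Review bot: The description added at new lines 111-112 says `userPrincipalName` is mapped to `email`, but a UPN is not guaranteed to be the user's mail address. Add a sentence telling readers to substitute the directory attribute that holds the mail address when it differs from the UPN, so the `email` claim that reaches Coder is the value the administrator expects. Since the text now calls the rule an "example", it would also help to state which parts of the rule readers are expected to adapt and which must stay as written.
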
