Skip to main content
Version: Config V2

ADFS Identity Provider

Connect ConfigCat with Active Directory Federation Services (ADFS) via SAML.

Introduction

Each SSO Identity Provider requires specific information to configure a SAML integration. The following guide will walk you through how you can connect ConfigCat with ADFS as a SAML Identity Provider.

1. Collect SAML Metadata from ConfigCat

  • Open your organization's authentication settings on the ConfigCat Dashboard.

    ConfigCat authentication settings
  • Click ADD SAML IDENTITY PROVIDER.

    ConfigCat Add Identity Provider
  • Give a name for your Identity Provider, and click Create.

    ConfigCat Name Identity Provider
  • From the next section of the dialog, copy the following values and save them for further use.

    • Entity ID

    • Assertion Consumer Service

      ConfigCat SAML configuration

2. Configure a Relying Party Trust

  • Open the ADFS Management console, and click Add Relying Party Trust.

    ADFS add relying party trust
  • Make sure the Claims aware option is selected, and click Start.

    ADFS claims aware
  • Select the Enter data about this relying party manually option, and click Next.

    ADFS manual relying party setup
  • Type a descriptive Display name, and click Next.

    ADFS display name
  • No action required on the Configure Certificate pane, click Next.

    ADFS certificate configuration
  • Select the Enable support for the SAML 2.0 WebSSO protocol option, and paste the value of Assertion Consumer Service from Step 1 into the Relying party SAML 2.0 SSO service URL field.
    Then, Click Next.

    ADFS acs URL
  • Paste the value of Entity ID from Step 1 into the Relying party trust identifier field, and click Add.
    Then, click Next.

    ADFS entity ID
  • No action required on the Choose Access Control Policy pane, click Next.

    ADFS Access Control Policy
  • Review the changes, then click Next.

    ADFS add trust
  • The Relying Party Trust is now successfully added, make sure the Configure claims issuance policy for this application option is checked, and click Close.

    ADFS finish configuration

3. Configure Claims Issuance Policy

  • After adding the Relying Party Trust, the following dialog should appear.
    Click Add rule.

    ADFS edit claims
  • Select Send LDAP Attributes as Claims as the Claim rule template, and click Next.

    ADFS LDAP claims
  • Apply the following, and click Finish.

    • Add a descriptive Claim rule name.
    • Select Active Directory as Attribute store.
    • Select User-Principal-Name as LDAP Attribute.
    • Select Name ID as Outgoing Claim Type.
    ADFS unc to nameid
  • Click OK.

    ADFS finish claims

4. Configure ConfigCat with SAML Details from ADFS

You can choose one of the following options to configure ConfigCat with SAML Identity Provider metadata.

  • Select Endpoints, and copy the URL Path of the Federation Metadata endpoint.

    ADFS metadata url path
  • Type the URL into the Metadata URL field at ConfigCat in the following format: https://[ADFS-DOMAIN]/[FEDERATION-METADATA-URL-PATH].

    ADFS metadata url
  • Select the trusted domains. Only user accounts from trusted domains can login with SAML SSO. You can bind multiple verified domains to a SAML Identity Provider.

    Select trusted domains
  • Click on Save.

5. Sign In

  • Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.

    ConfigCat SAML login
  • Sign in with your company email address.

    ConfigCat SAML company login
  • ConfigCat will redirect you to the ADFS sign in page. Type your credentials, and click Sign in.

    ADFS log in
  • You should be redirected to ConfigCat signed in with your company account.

6. Next Steps