ADFS Identity Provider
Connect ConfigCat with Active Directory Federation Services (ADFS) via SAML.
Introduction
Each SSO Identity Provider requires specific information to configure a SAML integration. This guide walks you through connecting ConfigCat with ADFS as a SAML Identity Provider.
1. Collect SAML Metadata from ConfigCat
- Open your organization's authentication settings on the ConfigCat dashboard.
- Select the domain you want to configure with SAML, and click Set under the SAML SSO status.
- From the appearing dialog, copy the following values and save them for further use.
  - Entity ID
  - Assertion Consumer Service
2. Configure a Relying Party Trust
- Open the ADFS Management console, and click Add Relying Party Trust.
- Make sure the Claims aware option is selected, and click Start.
- Select the Enter data about this relying party manually option, and click Next.
- Type a descriptive Display name, and click Next.
- No action required on the Configure Certificate pane, click Next.
- Select the Enable support for the SAML 2.0 WebSSO protocol option, and paste the value of Assertion Consumer Service from Step 1 into the Relying party SAML 2.0 SSO service URL field. Then, click Next.
- Paste the value of Entity ID from Step 1 into the Relying party trust identifier field, and click Add. Then, click Next.
- No action required on the Choose Access Control Policy pane, click Next.
- Review the changes, then click Next.
- The Relying Party Trust is now successfully added, make sure the Configure claims issuance policy for this application option is checked, and click Close.
3. Configure Claims Issuance Policy
After adding the Relying Party Trust, the following dialog should appear.
- Click Add rule.
- Select Send LDAP Attributes as Claims as the Claim rule template, and click Next.
- Apply the following, and click Finish.
  - Add a descriptive Claim rule name.
  - Select Active Directory as Attribute store.
  - Select User-Principal-Name as LDAP Attribute.
  - Select Name ID as Outgoing Claim Type.
- Click OK.
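The Relying Party Trust and claim rule from Steps 2 and 3 can also be created with the AD FS PowerShell module. The script below is an added example, not part of the original guide or ConfigCat's own tooling. The display name, the rule name and the 'Permit everyone' access control policy (the wizard's default when the pane is left untouched) are assumptions, and the two placeholders must be replaced with the values copied in Step 1.

```powershell
# Added example: scripted equivalent of Steps 2 and 3. Run on the primary AD FS server.
# Placeholders: replace both with the values copied from the ConfigCat dialog in Step 1.
$entityId = '<ENTITY-ID-FROM-STEP-1>'
$acsUrl   = '<ASSERTION-CONSUMER-SERVICE-FROM-STEP-1>'
$name     = 'ConfigCat'   # display name, chosen for this example

# Fail early on unfilled placeholders or a non-HTTPS endpoint, so assertions
# are never configured to be posted over plain HTTP.
if ($entityId -like '<*' -or $acsUrl -like '<*') {
    throw 'Fill in the Entity ID and Assertion Consumer Service values from Step 1.'
}
if (([Uri]$acsUrl).Scheme -ne 'https') {
    throw 'The Assertion Consumer Service URL must use https.'
}

# Step 3: "Send LDAP Attributes as Claims", User-Principal-Name -> Name ID.
# The rule name is an assumption; any descriptive name works.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Step 2: SAML 2.0 WebSSO endpoint (POST binding) pointing at the ACS URL.
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri $acsUrl -Index 0 -IsDefault $true

Add-AdfsRelyingPartyTrust -Name $name `
    -Identifier $entityId `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Read the trust back and confirm the identifier and ACS URL match Step 1 exactly.
# A mistyped ACS URL would send signed assertions to the wrong endpoint.
$rp = Get-AdfsRelyingPartyTrust -Name $name
$rp | Select-Object Name, Enabled, Identifier, AccessControlPolicyName,
    @{ Name = 'AcsUrl'; Expression = { $_.SamlEndpoints.Location } }

if ($rp.Identifier -notcontains $entityId) {
    Write-Warning 'Relying party identifier does not match the ConfigCat Entity ID.'
}
```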
4. Configure ConfigCat with SAML Details from ADFS
You can choose one of the following options to configure ConfigCat with SAML Identity Provider metadata.
- Metadata URL
  - Select Endpoints, and copy the URL Path of the Federation Metadata endpoint.
  - Type the URL into the Metadata URL field at ConfigCat in the following format: https://[ADFS-DOMAIN]/[FEDERATION-METADATA-URL-PATH].
  - Click on Save.
- Manual Configuration
  - Select Endpoints, and save the URL Path of the SAML 2.0/WS-Federation endpoint.
  - Select Certificates, then select the Token Signing certificate, and click View Certificate.
  - On the Details tab click Copy to File.
  - Click Next.
  - Select the Base-64 encoded X.509 (.CER) option, and click Next.
  - Browse the location where the certificate should be exported, and click Next.
  - Click Finish.
  - Click OK.
  - Type the SAML 2.0/WS-Federation endpoint into the Sign-on URL field in the following format: https://[ADFS-DOMAIN]/[WS-FEDERATION-URL-PATH]. Then, paste the exported Token Signing certificate into the X.509 Certificate field.
  - Click on Save.
5. Sign In
- Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.
- Sign in with your company email address.
- ConfigCat will redirect you to the ADFS sign in page. Type your credentials, and click Sign in.
- You should be redirected to ConfigCat signed in with your company account.
6. Next Steps
- Configure the auto-assignment of users.