ADFS

Connect ConfigCat with Active Directory Federation Services (ADFS) via SAML.

Introduction

Each SSO Identity Provider requires specific information to configure a SAML integration. This guide walks you through connecting ConfigCat with ADFS as a SAML Identity Provider.

1. Collect SAML Metadata from ConfigCat

  • Open your organization's authentication settings on the ConfigCat dashboard.

  • Select the domain you want to configure with SAML, and click Set under the SAML SSO status.

  • From the dialog that appears, copy the following values and save them for later use.

    • Entity ID

    • Assertion Consumer Service

2. Configure a Relying Party Trust

  • Open the ADFS Management console, and click Add Relying Party Trust.

  • Make sure the Claims aware option is selected, and click Start.

  • Select the Enter data about this relying party manually option, and click Next.

  • Type a descriptive Display name, and click Next.

  • No action is required on the Configure Certificate pane. Click Next.

  • Select the Enable support for the SAML 2.0 WebSSO protocol option, and paste the value of Assertion Consumer Service from Step 1 into the Relying party SAML 2.0 SSO service URL field.
    Then, click Next.

  • Paste the value of Entity ID from Step 1 into the Relying party trust identifier field, and click Add.
    Then, click Next.

  • No action is required on the Choose Access Control Policy pane. Click Next.

  • Review the changes, then click Next.

  • The Relying Party Trust is now successfully added. Make sure the Configure claims issuance policy for this application option is checked, and click Close.

3. Configure Claims Issuance Policy

  • After adding the Relying Party Trust, the following dialog should appear.
    Click Add rule.

  • Select Send LDAP Attributes as Claims as the Claim rule template, and click Next.

  • Apply the following, and click Finish.

    • Add a descriptive Claim rule name.
    • Select Active Directory as Attribute store.
    • Select User-Principal-Name as LDAP Attribute.
    • Select Name ID as Outgoing Claim Type.
  • Click OK.
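
Steps 2 and 3 can also be scripted so the trust is reproducible and reviewable. The following is an added example, not part of the original guide or ConfigCat's own tooling. It assumes ADFS 2016 or later (where the default access control policy is named Permit everyone); the display name and the two placeholder values are assumptions to be replaced with the values copied in Step 1.

```powershell
# Added example: scripted equivalent of steps 2 and 3 of this guide.
# Run in an elevated PowerShell session on the primary ADFS server.
Import-Module ADFS

# Placeholders: paste the values copied from the ConfigCat dialog in step 1.
$entityId = '<ENTITY-ID-FROM-STEP-1>'
$acsUrl   = '<ASSERTION-CONSUMER-SERVICE-URL-FROM-STEP-1>'
$name     = 'ConfigCat'   # assumed display name, choose your own

# The ACS URL receives the SAML response; refuse anything that is not HTTPS.
if ($acsUrl -notmatch '^https://') { throw "ACS URL must use https: $acsUrl" }

# Rule equivalent to the "Send LDAP Attributes as Claims" template with
# User-Principal-Name (Active Directory) mapped to the Name ID claim.
$rules = @'
@RuleName = "UPN as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@

# Step 2: SAML 2.0 WebSSO endpoint (POST binding) and the relying party trust.
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl
Add-AdfsRelyingPartyTrust -Name $name -Identifier $entityId -SamlEndpoint $acs `
    -IssuanceTransformRules $rules -AccessControlPolicyName 'Permit everyone'

# Review what was created before moving on to step 4.
Get-AdfsRelyingPartyTrust -Name $name |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules |
    Format-List
```

The final command prints the stored identifier, access control policy and claim rule, so they can be compared against the values from Step 1 and the settings chosen in Step 3.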

4. Configure ConfigCat with SAML Details from ADFS

You can choose one of the following options to configure ConfigCat with SAML Identity Provider metadata.

  • Select Endpoints, and copy the URL Path of the Federation Metadata endpoint.

  • Type the URL into the Metadata URL field at ConfigCat in the following format: https://[ADFS-DOMAIN]/[FEDERATION-METADATA-URL-PATH].

  • Click on Save.

5. Sign In

  • Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.

  • Sign in with your company email address.

  • ConfigCat will redirect you to the ADFS sign in page. Type your credentials, and click Sign in.

  • You should be redirected to ConfigCat signed in with your company account.

6. Next Steps