How to Configure SAML Authentication with ADFS


If you use Microsoft’s Active Directory Federation Services (ADFS), you can set up SAML authentication with SecureW2: ADFS acts as the SAML identity provider (IdP) and SecureW2 acts as the service provider (SP).

To do so, you exchange metadata between ADFS and SecureW2 (so each side knows the other’s entity ID, endpoints and signing certificate), and then map Active Directory attributes to SAML claims in ADFS.

Ready to set it up? Here’s what you need to get started:

  • An active SecureW2 account
  • An active Cloud Connector subscription


Prerequisites

To configure SAML authentication with ADFS, make sure you meet the following prerequisites:

  • The ADFS server must be reachable from the internet, and its HTTPS (service communications) certificate must be issued by a public CA so that SecureW2 can validate the TLS connection.
  • You need the federation metadata from the ADFS server; it is required to establish trust with the SecureW2 servers.
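A pre-flight check for these prerequisites, as an added example that is not part of the SecureW2 article. It fetches the ADFS federation metadata over HTTPS with certificate validation left on, so an unreachable host or a TLS certificate that does not chain to a public CA fails here rather than later in the trust setup, and it lists the token-signing certificates the metadata advertises. The host name `adfs.example.com` and the output path are assumptions.

```powershell
# Added example (not from SecureW2): verify the ADFS prerequisites before
# exchanging metadata. Assumptions: the ADFS host name and the output path.
$AdfsHost    = "adfs.example.com"
$MetadataUrl = "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
$OutFile     = Join-Path $PWD "adfs-federation-metadata.xml"

try {
    # Do NOT disable certificate validation here: a failure is the finding.
    $resp = Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing -ErrorAction Stop
} catch {
    throw "Cannot retrieve $MetadataUrl. Check public DNS, port 443 reachability and that the ADFS TLS certificate chains to a public CA. Error: $($_.Exception.Message)"
}

[xml]$md  = $resp.Content
$entityId = $md.EntityDescriptor.entityID
"ADFS entityID: $entityId"

# Token-signing certificate(s) advertised for the IdP role. These are normally
# ADFS self-signed and are trusted through the metadata exchange; the public-CA
# requirement applies to the TLS certificate, not to these.
$signing = @($md.EntityDescriptor.IDPSSODescriptor.KeyDescriptor | Where-Object { $_.use -eq 'signing' })
foreach ($kd in $signing) {
    $raw  = [Convert]::FromBase64String(($kd.KeyInfo.X509Data.X509Certificate -replace '\s', ''))
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
    "Token-signing cert: subject={0} thumbprint={1} expires={2:yyyy-MM-dd}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter
}

# Keep a copy of the metadata; this is what SecureW2 needs to trust the IdP.
$resp.Content | Set-Content -Path $OutFile -Encoding UTF8
"Saved metadata to $OutFile"
```

If the request fails with a certificate error, fix the service communications certificate on the ADFS farm (or the proxy in front of it) rather than skipping validation in the script; SecureW2 will run into the same chain problem.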


Save the metadata file

To save the metadata file:

  1. From your SecureW2 Management Portal, go to Identity Management > Identity Providers.
  2. Click Edit for the identity provider (IDP) you want to use for authentication.
  3. Select the Configuration tab.
  4. Under Service Provider (SP) Info, for Metadata, click Download. Save the metadata file (.XML) to your computer.


Configure ADFS

To configure ADFS for SAML authentication:

  1. Run mmc to open the Microsoft Management Console.
  2. Add the AD FS Management snap-in.
  3. Select the top-level AD FS node, and in the Actions pane click Add Relying Party Trust.
  4. In the wizard, select Import data about the relying party from a file, and choose the SP metadata file you downloaded from SecureW2. The relying party identifier, endpoints and SP certificate are read from the file, so you do not enter them by hand.
  5. Click Next.
  6. For Display name, enter a name for the trust.
  7. Click Next.
  8. Select I do not want to configure multi-factor authentication settings for this relying party trust at this time.
  9. Click Next.
  10. Choose the initial issuance authorization rule: Permit all users to access this relying party, or Deny all users access to this relying party.
    • Note: Deny all users is the allow-list option. If you choose it, nobody can authenticate until you add issuance authorization rules that permit specific users or groups (step 19).
  11. Click Next, and then click Close. The Edit Claim Rules window opens.
  12. On the Issuance Transform Rules tab, click Add Rule.
  13. In the wizard, select Send LDAP Attributes as Claims.
  14. Click Next.
  15. For Claim rule name, enter a name.
  16. For Attribute store, select Active Directory.
  17. Map LDAP attributes to outgoing SAML claim types according to your use case. For example:
    • Note: You must map the Name ID outgoing claim type to an attribute that is unique to each user and does not change over time, such as User-Principal-Name. SecureW2 identifies the user by the Name ID, so a non-unique or reassignable attribute would let two accounts collide.
  18. Click Finish.
  19. Optionally, select the Issuance Authorization Rules tab and configure who is and is not permitted to authenticate. This step is required if you chose Deny all users in step 10.
  20. Click OK to close the window.
  21. Right-click the relying party trust you created, and click Properties.
  22. Select the Advanced tab.
  23. From the Secure hash algorithm dropdown, select SHA-1.
    • Note: ADFS defaults to SHA-256, and SHA-1 is a deprecated signature algorithm. This integration is documented against SHA-1; if SecureW2 accepts SHA-256-signed responses in your environment, prefer SHA-256 and only fall back to SHA-1 if authentication fails.
  24. Click OK to close the window.
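The same relying party trust built with the ADFS PowerShell module instead of the MMC wizard, as an added example that is not SecureW2’s or Microsoft’s published script. It covers the metadata import (steps 3 to 11), the LDAP-to-claims transform rule with Name ID taken from userPrincipalName (steps 12 to 17), an allow-list authorization rule for one AD group (steps 10 and 19), and the signing algorithm setting (step 23). The trust name, the metadata path and the group SID are assumptions; replace them with your own values. Run it in an elevated PowerShell session on an ADFS server.

```powershell
# Added example (not from SecureW2 or Microsoft): steps 1-24 via the ADFS module.
# Assumptions: trust name, SP metadata path, and the placeholder group SID.
Import-Module ADFS

$TrustName       = "SecureW2"
$MetadataFile    = "C:\Temp\securew2-sp-metadata.xml"   # SP metadata downloaded from the SecureW2 portal
$AllowedGroupSid = "S-1-5-21-1111111111-2222222222-3333333333-4444"  # placeholder: AD group allowed to authenticate

# Steps 12-17: "Send LDAP Attributes as Claims". Name ID is populated from
# userPrincipalName (unique and stable per user); mail is sent as a second claim.
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SecureW2 LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName,mail;{0}", param = c.Value);
'@

# Steps 10 and 19, allow-list variant: nothing is permitted unless a rule issues
# a permit claim, and this rule permits only members of one AD group.
# To mirror "Permit all users" instead, use this single rule:
#   @RuleTemplate = "AllowAllAuthzRule"
#    => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
$AuthzRules = @'
@RuleTemplate = "Authorization"
@RuleName = "Permit SecureW2 enrollment group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i){SID}$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
'@
$AuthzRules = $AuthzRules.Replace('{SID}', $AllowedGroupSid)

# Step 23: the article calls for SHA-1. ADFS defaults to SHA-256 and SHA-1 is
# deprecated, so use the rsa-sha1 URI only if SecureW2 rejects SHA-256 responses.
$Sha1   = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
$Sha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Steps 3-11: identifier, endpoints and SP certificate are read from the
# metadata file; both rule sets and the signing algorithm are set in one call.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataFile $MetadataFile `
    -IssuanceTransformRules $TransformRules `
    -IssuanceAuthorizationRules $AuthzRules `
    -SignatureAlgorithm $Sha1

# Verify: the identifier should match the entityID in the SP metadata and the
# signature algorithm should be the one you intended.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, SignatureAlgorithm, IssuanceAuthorizationRules

# If SecureW2 later confirms SHA-256 support, switch without recreating the trust:
# Set-AdfsRelyingPartyTrust -TargetName $TrustName -SignatureAlgorithm $Sha256
```

The group SID is matched with an anchored regular expression in the authorization rule, which is how the wizard’s "Permit users with a claim" template behaves; an unanchored pattern would also match any SID that merely contains the string.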

Active Directory Federation Services is a registered trademark of Microsoft in the United States and/or other countries. Other trademarks, logos and service marks used in this site are the property of SecureW2 or other third parties.
