Configuring an ADFS Connection with ADFS (Prerequisite)
ADFS is a service provided by Microsoft as a standard role for Windows Server that provides a web login using existing Active Directory accounts. It uses a claims-based access control authorization policy and federates identity. The following steps will guide you through configuring your Active Directory Federation Services (ADFS) instance for the connection.
Please note: The specifics of the configuration process can differ depending on the ADFS version you're using. Here, we provide a general outline of the process.
Access Your ADFS Management Console: On your server, open the Active Directory Federation Services (ADFS) Management Console.
Create a New Relying Party Trust: This is your application or service that will use ADFS for authentication. Right-click on "Relying Party Trusts" and then click "Add Relying Party Trust…". This will start the configuration wizard. Note: The identifier of the relying party trust should always be set to urn:auth0:fundapps. The display name is arbitrary.
Fill in Basic Information: During the wizard, you'll be asked to fill out some basic information about your application, such as the display name. This will help users identify your application in their list of services.
Configure ADFS Settings: In the wizard, you'll configure the ADFS settings. You'll need to add a new WS-Federation Passive Endpoint, with the URL https://auth.fundapps.co/login/callback, to the relying party trust settings.
Configure Claims Rules: Claims rules determine what data your application will receive. You can add rules for different attributes that will be included in the security assertions. Here are the claims needed and how they should be mapped:
Finish and Save: Once you've filled in the necessary information, finish the wizard to save your changes and create the Relying Party Trust.
You have now configured an ADFS connection with ADFS! Keep the details handy, as they will be used in the next steps for setting up SSO in your application.
Important: Always review your specific ADFS documentation for the most accurate and detailed steps. This outline is a basic guide, but the specific settings may vary depending on your ADFS version and setup.
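To confirm the result of the wizard steps above, the following PowerShell check reads the relying party trust back and compares it with the identifier and endpoint given in this guide. It is an added example, not FundApps' own tooling, and it assumes the ADFS PowerShell module is available in an elevated session on the ADFS server.

```powershell
# Added example: verify the relying party trust created in the wizard.
# Assumption: run in an elevated session on the ADFS server.
Import-Module ADFS

# Values taken from the steps in this guide.
$expectedIdentifier = 'urn:auth0:fundapps'
$expectedEndpoint   = 'https://auth.fundapps.co/login/callback'

$trust = Get-AdfsRelyingPartyTrust -Identifier $expectedIdentifier
if (-not $trust) {
    throw "No relying party trust with identifier $expectedIdentifier was found."
}

$problems = @()

# A disabled trust will not issue tokens for the application.
if (-not $trust.Enabled) { $problems += 'Trust is disabled.' }

# Extra identifiers widen what the trust answers to; expect exactly one.
if (@($trust.Identifier).Count -ne 1) {
    $problems += "Unexpected identifiers: $($trust.Identifier -join ', ')"
}

# The WS-Federation passive endpoint is where signed tokens are posted.
# A typo or a plain-http URL here would send them to the wrong place.
$endpoint = [string]$trust.WSFedEndpoint
if ($endpoint.TrimEnd('/') -ne $expectedEndpoint) {
    $problems += "WS-Fed endpoint is '$endpoint', expected '$expectedEndpoint'."
}

# Only the presence of claim rules is checked automatically.
if ([string]::IsNullOrWhiteSpace($trust.IssuanceTransformRules)) {
    $problems += 'No issuance transform (claim) rules are configured.'
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Relying party trust '$($trust.Name)' matches the expected settings."
}

# Print the rules so they can be reviewed by hand against the required mapping.
$trust.IssuanceTransformRules
```

Review the printed claim rules manually: the trust should release only the attributes the application needs.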
Create SSO Connection (Required)
FundApps supports two methods of configuring ADFS SSO:
Option 1: With a URL
Select ADFS URL from the Add SSO Connection dropdown in FundApps.
Provide a Display Name and the URL of your ADFS instance. This should take the format https://<your-adfs-domain>
Click Create to finish setting up the ADFS SSO Connection.
Option 2: With Federation Metadata XML
Copy the contents of the XML file returned by your ADFS Server’s Federation Metadata URL.
This takes the form https://<your-adfs-domain>/FederationMetadata/2007-06/FederationMetadata.xml
Select ADFS XML from the Add SSO Connection dropdown in FundApps.
Provide a Display Name and the contents of the XML file you just copied.
Click Create to finish setting up the ADFS SSO Connection.