How to configure Single Sign On with ADFS 3.0

Document created by Joseph Brown Employee on May 8, 2018

From the ADFS Management Console, start the wizard for a new relying party trust:


Just click start to move forward:


Make sure you enter the correct URL for your organization tenant and click next:


Enter a name and description for the relying party:


Skip the multi-factor authentication:


Permit all users to access this relying party:


Review the information and click next:


On the last screen, just click close and the Edit claim rules window will open:


Click the Add Rule button to add a new rule. When the wizard appears, select Send LDAP Attributes as Claims for the rule template and click next:


Set a rule name, set Active Directory as the attribute store and configure the appropriate attribute mapping. Then click finish.



Add a second rule, this time selecting the rule template Transform an Incoming Claim, and click next:


Set a rule name and set the following parameters:

  • Incoming claim type: AD FS 1.x E-Mail Address

  • Outgoing claim type: Name ID

  • Outgoing name ID format: Email

  • Select Pass through all claim values

Click finish.


Confirm the changes by clicking the OK button:


ADFS configuration is done and you're ready to set up Samanage SSO!

Note: The two required fields in Samanage are:

Identity Provider URL - This is the full ADFS server URL with the SAML endpoint which is typically 
X 509 Certificate - This is the Token-Signing Certificate from ADFS exported in Base 64-encoded X.509 (.CER)
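
The two claim rules and the certificate export described above can also be scripted and read back for review. This is an added example, not part of the original document; it assumes the relying party trust already exists, that the trust name `Samanage` and the output file name are placeholders, and that the LDAP rule maps the `mail` attribute to the AD FS 1.x E-Mail Address claim so the transform rule has an incoming claim to match.

```powershell
# Added example: run in an elevated PowerShell session on the ADFS 3.0 server.
Import-Module ADFS
$trustName = 'Samanage'   # placeholder: the name entered in the wizard

# Rule 1: Send LDAP Attributes as Claims (assumed mapping: mail -> AD FS 1.x E-Mail Address).
# Rule 2: Transform an Incoming Claim (AD FS 1.x E-Mail Address -> Name ID, format Email).
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send e-mail address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/EmailAddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-mail to Name ID"
c:[Type == "http://schemas.xmlsoap.org/claims/EmailAddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# This replaces the whole issuance transform rule set on the trust.
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $rules

# Read the rules back so the change can be reviewed before testing sign-in.
(Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceTransformRules

# Export the primary token-signing certificate as Base 64-encoded X.509 (.CER).
# Only the public certificate is written; the private key stays on the server.
$cert = (Get-AdfsCertificate -CertificateType Token-Signing |
         Where-Object IsPrimary).Certificate
$b64  = [Convert]::ToBase64String($cert.Export('Cert'), 'InsertLineBreaks')
$pem  = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path .\adfs-token-signing.cer -Value $pem -Encoding Ascii

# Record the thumbprint and expiry of what was exported, so the value pasted
# into the service provider can be checked later and renewed before it lapses.
$cert | Select-Object Subject, Thumbprint, NotAfter
```

When ADFS rolls over the token-signing certificate, the exported file no longer matches and the certificate must be exported and uploaded again.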
