ADFS
Quick guide to setting up the ADFS access protocol in Exivity.
On the ADFS side, go to Trust Relationships -> Relying Party Trusts and click on Add Relying Party Trust.
Select Data Source: Enter data about the relying party manually
Specify Display Name: Exivity
Choose Profile: AD FS Profile
Configure Certificate: Leave blank
Configure URL: Leave blank
Configure Identifier:
Configure Multi-factor authentication now?: Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.
Choose Issuance Authorization Rules: Permit all users to access this relying party
Ready to Add trust: --
Click on Finish.
Right click the newly added trust: Properties
Go to Endpoints – Add SAML:
Endpoint type: SAML Assertion Consumer
Binding: POST
Trusted URL:
Click on Save.
Right click the newly added trust: Edit Claim Rules
Go to Issuance Transform Rules – Add Rule
Choose Rule Type: Send Claims using a Custom Rule
Configure Claim Rule:
Claim Rule Name – Exivity
Custom Rule:
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
Finally, click on Save.
Next, on the Exivity side, go to Administration > Settings > Single sign-on and choose the SAML tab.
In a separate browser tab, open the Exivity SAML configuration and fill in the following settings:
Exivity SAML setting: Use value
Entity ID: Sometimes called the Issuer or Metadata URL. Example: http://ADFS-URL/adfs/services/trust
SSO URL: The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example: https://ADFS-URL/adfs/ls
SLO URL: The URL of the Single Logout service endpoint, suffixed with ?wa=wsignout1.0. Example: https://ADFS-URL/adfs/ls/?wa=wsignout1.0
X-509 certificate: Base-64 encoded (DER) certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
Advanced settings:
{
  "security": {
    "wantXMLValidation": false
  }
}
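The four values in the list above can be read from the identity provider's SAML 2.0 metadata instead of being copied by hand. The following is an added example, not part of the original guide or of Exivity: it assumes you have saved the AD FS federation metadata XML locally, and the function name, the host adfs.example.test and the placeholder certificate bytes are all constructed for illustration.

```python
import base64
import textwrap
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for the DER token-signing certificate.
FAKE_DER = b"constructed placeholder, not a real certificate " * 3
# Constructed sample of IdP metadata (host name adfs.example.test is hypothetical).
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="http://adfs.example.test/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>AAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{base64.b64encode(FAKE_DER).decode()}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def exivity_saml_fields(metadata_xml: str) -> dict:
    """Map IdP metadata onto the four fields of the Exivity SAML form."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS).get("Location")
    slo = idp.find("md:SingleLogoutService", NS).get("Location")
    for url in (sso, slo):
        if urlsplit(url).scheme != "https":
            raise ValueError(f"endpoint is not HTTPS: {url}")
    # Only the signing key belongs in the X-509 field; skip the encryption key.
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return {
        "Entity ID": root.get("entityID"),
        "SSO URL": sso,
        "SLO URL": slo.rstrip("/") + "/?wa=wsignout1.0",
        "X-509 certificate": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----",
    }
```

Call exivity_saml_fields() on the contents of your own metadata file and paste each returned value into the matching field.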
As the last step, enable Single Sign-On in Exivity by navigating to Administration > Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:
SSO is now configured and enabled, and you can now use ADFS to log in to your Exivity instance. The login screen will look something like this:
And by clicking on the Login button, you'll be taken to the ADFS login screen.