
ADFS

Quick guide to setting up the ADFS access protocol in Exivity.


Last updated 4 years ago


Setting up ADFS Configuration

On the ADFS side, go to Trust Relationships -> Relying Party Trusts and click on Add Relying Party Trust.

  • Select Data Source: Enter data about the relying party manually

  • Specify Display Name: Exivity

  • Choose Profile: AD FS Profile

  • Configure Certificate: Leave blank

  • Configure URL: Leave blank

  • Configure Identifier: https://EXIVITY-URL/v1/auth/saml/metadata

  • Configure Multi-factor authentication now?: Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.

  • Choose Issuance Authorization Rules: Permit all users to access this relying party

  • Ready to Add trust: --

  • Click on Finish.

Right click the newly added trust: Properties

  • Go to Endpoints – Add SAML:

    • Endpoint type: SAML Assertion Consumer

    • Binding: POST

    • Trusted URL: https://EXIVITY-URL/v1/auth/saml/acs

  • Click on Save.

Right click the newly added trust: Edit Claim Rules

  • Go to Issuance Transform Rules – Add Rule

  • Choose Rule Type: Send Claims using a Custom Rule

  • Configure Claim Rule:

    • Claim Rule Name – Exivity

    • Custom Rule:

      c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
      => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

  • Finally, click on Save.

Setting up ADFS in Exivity

Make sure to perform the following steps as an Exivity user with sufficient rights (an admin user).

First, go to Administration - Settings - Single sign-on and choose the SAML tab.

In a separate browser tab, open the Exivity SAML configuration and fill in the following settings:

Exivity SAML setting: Use value

  • Entity ID: Sometimes called the Issuer or Metadata URL. Example: http://ADFS-URL/adfs/services/trust

  • SSO URL: The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example: https://ADFS-URL/adfs/ls

  • SLO URL: The URL of the Single Logout service endpoint, suffixed with ?wa=wsignout1.0. Example: https://ADFS-URL/adfs/ls/?wa=wsignout1.0

  • X-509 certificate: Base-64 encoded (DER) certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

  • Advanced settings: { "security": { "wantXMLValidation": false } }
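
The values for the settings above can be read directly from the AD FS server instead of being typed by hand, which avoids trusting the wrong token-signing certificate during a certificate rollover. This is an added example, not part of the original Exivity documentation; it assumes the ADFS PowerShell module, and the output path in $outFile is a hypothetical location chosen for the example.

```powershell
# Added example: collect the values for the Exivity SAML settings from AD FS.
# Run on the AD FS server. $outFile is a hypothetical path chosen for this example.
$outFile = Join-Path $env:TEMP 'adfs-token-signing.pem'

$props = Get-AdfsProperties
$base  = "https://$($props.HostName)"

# AD FS can hold two token-signing certificates during rollover; use the primary one.
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    Select-Object -First 1
if (-not $signing) { throw 'No primary token-signing certificate found.' }
$cert = $signing.Certificate

# Base-64 of the DER bytes, wrapped, between the BEGIN/END CERTIFICATE lines.
$b64 = [System.Convert]::ToBase64String(
    $cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`n$b64`n-----END CERTIFICATE-----"
Set-Content -Path $outFile -Value $pem -Encoding Ascii

# One row per Exivity SAML setting, plus certificate details to check before pasting.
[pscustomobject]@{
    'Entity ID'         = $props.Identifier
    'SSO URL'           = "$base/adfs/ls"
    'SLO URL'           = "$base/adfs/ls/?wa=wsignout1.0"
    'X-509 certificate' = $outFile
    'Thumbprint'        = $cert.Thumbprint
    'Expires'           = $cert.NotAfter
} | Format-List
```

Paste the contents of the written file into the X-509 certificate field, and compare the thumbprint with the token-signing certificate shown in the AD FS management console.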

As the last step, enable Single Sign-On in Exivity by navigating to Administration > Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:

SSO is now configured and enabled, and you can now use ADFS to log in to your Exivity instance. The login screen will look something like this:

And by clicking on the Login button, you'll be taken to the ADFS login screen.

Exivity URLs used in the ADFS steps above:

  • Configure Identifier: https://EXIVITY-URL/v1/auth/saml/metadata

  • Trusted URL: https://EXIVITY-URL/v1/auth/saml/acs