# ADFS

## Setting up ADFS Configuration

On the ADFS side, go to ***Trust Relationships*** -> ***Relying Party Trusts*** and click *Add Relying Party Trust*:

* Select Data Source: Enter data about the relying party manually
* Specify Display Name: Exivity
* Choose Profile: AD FS Profile
* Configure Certificate: *Leave blank*
* Configure URL: *Leave blank*
* Configure Identifier: <https://EXIVITY-URL/v1/auth/saml/metadata>
* Configure Multi-factor authentication now?: Choose *I do not want to configure multi-factor authentication settings for this relying party trust at this time.*
* Choose Issuance Authorization Rules: Permit all users to access this relying party
* Ready to Add trust: --
* Click on *Finish*.

Right click the newly added trust: ***Properties***

* Go to *Endpoints – Add SAML*:
  * Endpoint type: SAML Assertion Consumer
  * Binding: POST
  * Trusted URL: <https://EXIVITY-URL/v1/auth/saml/acs>
* Click on *Save*.

Right click the newly added trust: **Edit Claim Rules**

* Go to *Issuance Transform Rules* – *Add Rule*
* Choose Rule Type: *Send Claims using a Custom Rule*
* Configure Claim Rule:
  * Claim Rule Name – *Exivity*
  * Custom Rule:

    ```
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
    ```
* Finally, click on *Save.*
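
The same relying party trust can also be created from PowerShell, which makes the setup repeatable and reviewable. The script below is an added example, not part of the original Exivity documentation; it assumes the AD FS PowerShell module on the primary AD FS server, an AD FS version that still uses issuance authorization rules (as the wizard above does), and `https://EXIVITY-URL` as a placeholder for your Exivity base URL.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated PowerShell session on the primary AD FS server.
$ExivityUrl = 'https://EXIVITY-URL'   # placeholder, replace with your Exivity base URL

# "Endpoints" step: SAML Assertion Consumer endpoint with POST binding.
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri "$ExivityUrl/v1/auth/saml/acs"

# "Permit all users to access this relying party".
$authzRules = @'
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Custom rule from this page: issue the UPN as NameID in emailAddress format.
$transformRules = @'
@RuleName = "Exivity"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          Value = c.Value,
          ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
              = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Splat the parameters so each wizard field is visible on its own line.
$trust = @{
    Name                       = 'Exivity'
    Identifier                 = "$ExivityUrl/v1/auth/saml/metadata"
    SamlEndpoint               = $acs
    IssuanceAuthorizationRules = $authzRules
    IssuanceTransformRules     = $transformRules
}
Add-AdfsRelyingPartyTrust @trust

# Read the trust back and confirm the identifier, endpoint and rules that were stored.
Get-AdfsRelyingPartyTrust -Name 'Exivity' |
    Select-Object Name, Identifier, Enabled, SamlEndpoints, IssuanceAuthorizationRules, IssuanceTransformRules |
    Format-List
```

Comparing the `Get-AdfsRelyingPartyTrust` output against this page is a quick way to catch a mistyped identifier or ACS URL before testing a login.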

## Setting up ADFS in Exivity

{% hint style="info" %}
Perform the following steps as an Exivity user with sufficient rights (an admin user).
{% endhint %}

First, go to **Administration** - **Settings** - **Single sign-on** and choose the *SAML* tab:

![](/files/-MAQMqMQWdCGhZC890M9)

In a separate browser tab, open the Exivity SAML configuration and fill the following settings:

| Exivity SAML setting  | Use value                                                                                                                                  |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
| **Entity ID**         | *Sometimes called the Issuer or Metadata URL. Example: <http://ADFS-URL/adfs/services/trust>*                                              |
| **SSO URL**           | *The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example:  <https://ADFS-URL/adfs/ls>*             |
| **SLO URL**           | *The URL of the Single Logout service endpoint*, suffixed with `?wa=wsignout1.0`. *Example: <https://ADFS-URL/adfs/ls/?wa=wsignout1.0>*   |
| **X-509 certificate** | *Base-64 encoded (DER) certificate, enclosed between* `-----BEGIN CERTIFICATE-----` *and* `-----END CERTIFICATE-----`                      |
| **Advanced settings** | <p><code>{</code><br>  <code>"security": {</code><br>    <code>"wantXMLValidation": false</code><br>  <code>}</code><br><code>}</code></p> |

As the last step, enable Single Sign-On in Exivity by navigating to *Administration* > *Settings* and then clicking on the *System* tab. Make sure the *Single Sign-On* option is set to *Enabled*, and click the *Update* button:

![](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2a-1m4rWCtNzX6%2Fazure-ad-exivity-configuration.png?generation=1531424669531682\&alt=media)

SSO is now configured and enabled, and you can use ADFS to log in to your Exivity instance. The login screen will look something like this:

![](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2cVXgVSEJprLbl%2Fexivity-login-sso.png?generation=1531424668611642\&alt=media)

And by clicking on the *Login* button, you'll be taken to the ADFS login screen.
