# ADFS

## Setting up ADFS Configuration

On the ADFS side, go to ***Trust Relationships*** -> ***Relying Party Trusts*** and click *Add Relying Party Trust*.

* Select Data Source: Enter data about the relying party manually
* Specify Display Name: Exivity
* Choose Profile: AD FS Profile
* Configure Certificate: *Leave blank*
* Configure URL: *Leave blank*
* Configure Identifier: <https://EXIVITY-URL/v1/auth/saml/metadata>
* Configure Multi-factor authentication now?: Choose *I do not want to configure multi-factor authentication settings for this relying party trust at this time.*
* Choose Issuance Authorization Rules: Permit all users to access this relying party
* Ready to Add trust: --
* Click on *Finish*.

Right click the newly added trust: ***Properties***

* Go to *Endpoints – Add SAML*:
  * Endpoint type: SAML Assertion Consumer
  * Binding: POST
  * Trusted URL: [https://EXIVITY-URL/v1/auth/saml/acs](https://exivity-url/v1/auth/saml/acs)
* Click on *Save*.

Right click the newly added trust: **Edit Claim Rules**

* Go to *Issuance Transform Rules* – *Add Rule*
* Choose Rule Type: *Send Claims using a Custom Rule*
* Configure Claim Rule:
  * Claim Rule Name – *Exivity*
  * Custom Rule:

    ```
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
    ```
* Finally, click on *Save.*

## Setting up ADFS in Exivity

{% hint style="info" %}
Make sure to perform the following steps as an Exivity user with sufficient rights (an admin user).
{% endhint %}

First, go to **Administration** - **Settings** - **Single sign-on** and choose the *SAML* tab:

![](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MAQDG0rY_4SgOv1iBfo%2F-MAQMqMQWdCGhZC890M9%2Fimage.png?alt=media\&token=e1a7b856-9b24-4086-b9ca-6ef219f20c5f)

In a separate browser tab, open the Exivity SAML configuration and fill in the following settings:

| Exivity SAML setting  | Use value                                                                                                                                  |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
| **Entity ID**         | *Sometimes called the Issuer or Metadata URL. Example: <http://ADFS-URL/adfs/services/trust>*                                              |
| **SSO URL**           | *The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example:  <https://ADFS-URL/adfs/ls>*             |
| **SLO URL**           | *The URL of the Single Logout service endpoint*, suffixed with `?wa=wsignout1.0`. *Example: <https://ADFS-URL/adfs/ls/?wa=wsignout1.0>*    |
| **X-509 certificate** | *Base-64 encoded (DER) certificate, enclosed between* `-----BEGIN CERTIFICATE-----` *and* `-----END CERTIFICATE-----`                      |
| **Advanced settings** | <p><code>{</code><br>  <code>"security": {</code><br>    <code>"wantXMLValidation": false</code><br>  <code>}</code><br><code>}</code></p> |

As the last step, enable Single Sign-On in Exivity by navigating to *Administration* > *Settings* and then clicking on the *System* tab. Make sure the *Single Sign-On* option is set to *Enabled*, and click the *Update* button:

![](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2a-1m4rWCtNzX6%2Fazure-ad-exivity-configuration.png?generation=1531424669531682\&alt=media)

SSO is now configured and enabled, and you can use ADFS to log in to your Exivity instance. The login screen will look something like this:

![](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2cVXgVSEJprLbl%2Fexivity-login-sso.png?generation=1531424668611642\&alt=media)

And by clicking on the *Login* button, you'll be taken to the ADFS login screen.

