ADFS

Setting up ADFS Configuration

On the ADFS side, go to Trust Relationships -> Relying Party Trusts and click on Add Relying Party Trust:

  • Select Data Source: Enter data about the relying party manually
  • Specify Display Name: Exivity
  • Choose Profile: AD FS Profile
  • Configure Certificate: Leave blank
  • Configure URL: Leave blank
  • Configure Identifier: Identifier
  • Configure Multi-factor authentication now?: Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.
  • Choose Issuance Authorization Rules: Permit all users to access this relying party
  • Ready to Add trust: --
  • Click on Finish.

Right click the newly added trust: Properties

  • Go to Endpoints – Add SAML:
    • Endpoint type: SAML Assertion Consumer
    • Binding: POST
    • Trusted URL:
  • Click on Save.

Right click the newly added trust: Edit Claim Rules

  • Go to Issuance Transform Rules – Add Rule
  • Choose Rule Type: Send Claims using a Custom Rule
  • Configure Claim Rule:
    • Claim Rule Name – Exivity
    • Custom Rule:

      c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
       => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

  • Finally, click on Save.
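The same three GUI steps (trust, SAML endpoint, claim rules) as a scripted equivalent using the AD FS PowerShell module. This is an added example, not code from the original page or from Exivity; the relying party identifier and the Trusted URL are placeholders because the page leaves those values unspecified.

```powershell
# Added example: scripted equivalent of the GUI steps above (AD FS PowerShell module).
# The two values below are placeholders, not values from the page.
Import-Module ADFS

$identifier = 'https://EXIVITY-URL/'          # placeholder: the value entered under "Configure Identifier"
$acsUrl     = 'https://EXIVITY-URL/saml/acs'  # placeholder: the "Trusted URL" of the SAML Assertion Consumer endpoint

# "Endpoints - Add SAML": SAML Assertion Consumer endpoint, POST binding
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl -Index 0

# Issuance transform rule: the custom rule from the page, mapping the UPN claim
# to a NameID with the emailAddress format
$transformRules = @'
@RuleName = "Exivity"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization rule: "Permit all users to access this relying party"
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name 'Exivity' `
    -Identifier $identifier `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Check the result: the trust, its ACS endpoint and the rule text as stored by AD FS
Get-AdfsRelyingPartyTrust -Name 'Exivity' |
    Select-Object Name, Identifier, SamlEndpoints, IssuanceTransformRules
```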

Setting up ADFS in Exivity

Make sure to perform the following steps with an Exivity user that has enough rights (an admin user).

First, go to Administration - Settings - Single sign-on and choose the SAML tab:

In a separate browser tab, open the Exivity SAML configuration and fill the following settings:

Exivity SAML setting | Use value
---------------------|----------
Entity ID            | Sometimes called the Issuer or Metadata URL. Example: http://ADFS-URL/adfs/services/trust
SSO URL              | The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example: https://ADFS-URL/adfs/ls
SLO URL              | The URL of the Single Logout service endpoint, suffixed with ?wa=wsignout1.0. Example: https://ADFS-URL/adfs/ls/?wa=wsignout1.0
X-509 certificate    | Base-64 encoded (DER) certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
Advanced settings    | { "security": { "wantXMLValidation": false } }

As the last step, enable Single Sign-On in Exivity by navigating to Administration > Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:

SSO is now configured and enabled, and you can use ADFS to log in to your Exivity instance. The login screen will look something like this:

And by clicking on the Login button, you'll be taken to the ADFS login screen.