ADFS
Quick guide to setting up the ADFS access protocol in Exivity.

Setting up ADFS Configuration

On the ADFS side, go to Trust Relationships -> Relying Party Trusts and click on Add Relying Party Trust
    Select Data Source: Enter data about the relying party manually
    Specify Display Name: Exivity
    Choose Profile: AD FS Profile
    Configure Certificate: Leave blank
    Configure URL: Leave blank
    Configure Multi-factor authentication now?: Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.
    Choose Issuance Authorization Rules: Permit all users to access this relying party
    Ready to Add trust: --
    Click on Finish.
Right click the newly added trust: Properties
Right click the newly added trust: Edit Claim Rules
    Go to Issuance Transform Rules -> Add Rule
    Choose Rule Type: Send Claims using a Custom Rule
    Configure Claim Rule:
      Claim Rule Name – Exivity
      Custom Rule:
      c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
      => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
    Finally, click on Save.

Setting up ADFS in Exivity

Make sure to perform the following steps as an Exivity user with sufficient rights (admin user).
First, go to Administration - Settings - Single sign-on and choose the SAML tab:
In a separate browser tab, open the Exivity SAML configuration and fill in the following settings:
Exivity SAML setting: Use value
    Entity ID: Sometimes called the Issuer or Metadata URL. Example: http://ADFS-URL/adfs/services/trust
    SSO URL: The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example: https://ADFS-URL/adfs/ls
    SLO URL: The URL of the Single Logout service endpoint, suffixed with ?wa=wsignout1.0. Example: https://ADFS-URL/adfs/ls/?wa=wsignout1.0
    X-509 certificate: Base-64 encoded (DER) certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    Advanced settings: { "security": { "wantXMLValidation": false } }
As the last step, enable Single Sign-On in Exivity by navigating to Administration > Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:
SSO is now configured and enabled, and you can use ADFS to log in to your Exivity instance. The login screen will look something like this:
And by clicking on the Login button, you'll be taken to the ADFS login screen.
