What is Microsoft ADFS?
Microsoft Active Directory Federation Services (ADFS) is a Single Sign-On solution created by Microsoft and included as a component of the Windows Server operating system. It allows Single Sign-On from Integrated Windows Authentication for applications that do not support Active Directory.
This guide is to support customers who want to use Microsoft ADFS for Single Sign-On to One Model.
Configure One Model
To start, navigate to One Model, Admin, Company, find SAML 2 Integration, and select + Add SAML2 Integration. Set up the following configuration:
- Metadata URL
You can also set Populate Person ID with SAML Attribute. This is only required if you'd like to set up Contextual Security in One Model and you have the Person ID for Contextual Security available in ADFS. The Person ID Attribute will need to be made available from ADFS in order to be used here.
Once these settings are saved, you should have an ACS URL and Entity ID generated that you can then put into ADFS. The matching ADFS configuration can be found over the following screens:
Transform the Incoming Claim
To get the First and Last Name for the employee, which are required for SSO, you'll also need to create a rule to transform an incoming claim. You can also include their Person ID (called EmployeeNumber here) in order to use Contextual Security. Some example configuration is below:
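Once the rules are saved, a decoded SAML response from a test login can be checked against the settings above. The Python script below is an added example, not One Model or Microsoft code. It assumes ADFS issues the standard givenname and surname claim types and an attribute named EmployeeNumber; the URLs and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumed attribute names; use whatever your ADFS rule actually issues.
REQUIRED = [CLAIMS + "givenname", CLAIMS + "surname"]
PERSON_ID = "EmployeeNumber"  # optional, only for Contextual Security

def check_response(xml_text, acs_url, entity_id):
    """List problems in a decoded SAML response (signature is NOT verified)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match ACS URL")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match Entity ID")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append("missing claim: " + name)
    if not attrs.get(PERSON_ID):
        problems.append("no Person ID claim (Contextual Security unavailable)")
    return problems

# Constructed sample: placeholder URLs, and the surname claim is left out.
ACS_URL = "https://onemodel.example/acs"
ENTITY_ID = "https://onemodel.example/entity"
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://onemodel.example/acs">
 <saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://onemodel.example/entity</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
    <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="EmployeeNumber">
    <saml:AttributeValue>1001</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ACS_URL, ENTITY_ID))
```

An empty list means the response carries the name claims and is addressed to the ACS URL and Entity ID generated by One Model.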