Setup Single Sign On from Microsoft ADFS

Example configuration for setting up SSO from Microsoft Active Directory Federation Services to One Model. Read these instructions in conjunction with the article - Automated Role Assignment via Single-Sign-On. 

What is Microsoft ADFS?

Microsoft Active Directory Federation Services is a Single Sign-On solution created by Microsoft and included as a component in their Windows Server Operations System. It allows Single Sign-On from Integrated Windows Authentication for applications that do not support Active Directory. 

This guide is to support customers who want to use Microsoft ADFS for Single Sign-On to One Model.

Configure One Model

To start navigate to One Model, Admin, Company, and find the SAML 2 Integration, and select + Add SAML2 Integration. Setup the following configuration:

  • Metadata URL

  • Issuer

  • Email

You can also set Populate Person ID with SAML Attribute. This is only required if you'd like to setup Contextual Security in One Model, and you have the Person ID for Contextual Security available in ADFS. The Person ID Attribute will need to be made available from ADFS in order to be used here.


Configure ADFS

Once these settings are saved, you should have an ACS URL and Entity ID generated that you can then put into ADFS. The matching ADFS configuration can be found over the following screens:

Transform the Incoming Claim

In order to get First and Last Name for the employee which are required for SSO, you'll also need to create a rule to transform an incoming claim. You can also include their Person ID (called EmployeeNumber here) in order to use Contextual Security. Some example configuration is below:

Was this article helpful?

0 out of 0 found this helpful



Please sign in to leave a comment.