ADFS SSO Configuration

To enable single sign-on using Microsoft Active Directory Federation Services (ADFS), you must configure both ADFS and Incorta.

ADFS accepts secure URLs only, so the URLs of Incorta and any additional tools must use HTTPS.

Configure ADFS

  • Open the ADFS manager.
  • Right-click ADFS, and then select Add Relying Party Trust.
  • Select Claims aware, and then Start.
  • Select Enter data about the relying party manually, and then Next.
  • Enter a display name, and then select Next.
  • Browse to an encryption certificate or select Next to continue without an encryption certificate.
  • Select Enable for the SAML 2.0 WebSSO protocol.
  • Enter the Incorta SSO link in the following format and select Next: https://<incorta-instance-address>/incorta/<tenant-name>/.
  • Add a relying party identifier, for example, enter the Incorta URL https://<incorta-instance-address>/incorta, and then select Next.
  • Select Permit everyone, and then Next.
  • Select Next, and then Finish.
  • Select Relying Party Trusts in the left panel, select the relying party you created, and then select Properties in the right panel.
  • Select the Advanced tab, and then SHA-1 in Secure hash algorithm.
  • Select the Endpoint tab.
  • Select Add.
  • Select SAML logout as the endpoint type, and then enter a URL in the format https://<incorta-instance-address>/incorta/logout.jsp?rediredtUrl= in the Trusted URL and the Response URL fields.
  • Select Add Claim.
  • Select Send LDAP Attributes as Claim from Claim rule template, and then select Next.
  • Enter a Claim rule name.
  • From LDAP Attributes, select Display-Name, and from the Outgoing claim type, select login name.
  • Select Finish.
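
A read-back check for the trust configured above, as an added example that is not part of the original guide or Incorta's own tooling: it uses Get-AdfsRelyingPartyTrust from the ADFS PowerShell module on the ADFS server and lists every setting that differs from the steps. The function name Test-IncortaRelyingParty is hypothetical, the trust name, the host incorta.example.com and the tenant demo are placeholders, and the relying party identifier is assumed to be the Incorta URL as in the example step.

```powershell
# Added example (not Incorta or Microsoft code). Run on the ADFS server.
# The three values below are placeholders for your own deployment.
$TrustName   = 'Incorta'                              # display name from the wizard
$IncortaBase = 'https://incorta.example.com/incorta'  # relying party identifier
$SsoUrl      = "$IncortaBase/demo/"                   # <base>/<tenant-name>/

function Test-IncortaRelyingParty {
    param([string]$Name, [string]$Identifier, [string]$SsoUrl)
    $rp = Get-AdfsRelyingPartyTrust -Name $Name
    if (-not $rp) { return "No relying party trust named '$Name' was found." }
    $findings = @()
    if ($rp.Identifier -notcontains $Identifier) {
        $findings += "Identifier '$Identifier' is missing from the trust."
    }

    # ADFS accepts secure URLs only: flag any endpoint URL that is not https.
    foreach ($ep in $rp.SamlEndpoints) {
        foreach ($url in @($ep.Location, $ep.ResponseLocation)) {
            if ($url -and "$url" -notlike 'https://*') {
                $findings += "$($ep.Protocol) endpoint is not https: $url"
            }
        }
    }

    # The SSO link must be registered as the assertion consumer endpoint.
    $acs = $rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' }
    if (-not ($acs | Where-Object { "$($_.Location)".TrimEnd('/') -eq $SsoUrl.TrimEnd('/') })) {
        $findings += "No assertion consumer endpoint matches $SsoUrl."
    }

    # The SAML logout endpoint should point at Incorta's logout.jsp.
    $logout = $rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLLogout' }
    if (-not ($logout | Where-Object { "$($_.Location)" -like "$Identifier/logout.jsp*" })) {
        $findings += 'No SAML logout endpoint points at /incorta/logout.jsp.'
    }

    # The steps above select SHA-1 as the secure hash algorithm.
    if ($rp.SignatureAlgorithm -notlike '*rsa-sha1') {
        $findings += "Secure hash algorithm is $($rp.SignatureAlgorithm), not SHA-1."
    }

    # The claim rule should read Display-Name (LDAP name: displayName).
    if ($rp.IssuanceTransformRules -notmatch 'displayName') {
        $findings += 'No issuance rule reads the Display-Name attribute.'
    }
    return $findings
}
Test-IncortaRelyingParty -Name $TrustName -Identifier $IncortaBase -SsoUrl $SsoUrl
```

An empty result means the trust matches the steps; each returned line names one setting to revisit in the ADFS manager.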