You can choose to enforce SAML SSO for with ADFS for added security. Once set up, users in your organization can use their managed ADFS account credentials to sign in to via Single Sign-On (SSO.)

In this Article:

  • Connect SSO to

  • Create an App

  • Sending User attributes

  • Download Federation Metadata:

Connect SSO to

To connect your SSO to your instance of, please follow the instructions listed here: Steps to setup SSO

Create an App

After you have enabled SSO within, the next step is to create an App within your SSO:

  1. Open ADFS Management tool

  2. Expand Trust Relationships > Select Relying Party Trusts

  3. Right-click to Add Relying Party Trust

  4. On the Welcome page, click Start

  5. In the Select Data Source page, choose Enter data about the relying party manually

  6. Give a display name such as App

  7. In the Choose Profile page, choose ADFS Profile, which mentions SAML 2.0

  8. In the Configure Certificate page, browse and select the certificate to be used for Assertion Encryption. Skip this if Assertion Encryption is disabled

  9. In the Configure URL page, select the checkbox pertaining to Enable Support for the SAML 2.0 Web SSO protocol

  10. Add the SAML consumer url (typically of the form,<uuid> ) and click Next

  11. In the Configure Identifiers page, add the SAML consume URL and click Add, and proceed to the next page

  12. In the Configure MFA now? page, choose ‘I do not want to…’ and proceed

  13. In the Choose Issuance Authorization Rules page, choose ‘Permit all users…’ and proceed

  14. Review and complete the wizard to add the new Relying Party

Sending User attributes

The SAML user attributes can be set via Claim Rules in ADFS as shown below:

1. Email, First Name and Last Name: Add a Claim Rule of type ‘Send LDAP Attributes as Claims’ with the following as the attribute mapping:

2. Name ID: Add a Claim Rule of type ‘Transform an Incoming Claim’ with the following as the settings. This assumes that the Email address is the Name ID.

Download Federation Metadata:

You can get the federationmetadata.xml file from this link or you can find your ADFS Federation Metadata file URL on the ADFS server through the ADFS Management in ADFS > Service > Endpoints and go to section Metadata.

It should look like this If you can’t open the metadata URL link in the Internet Explorer, try using another browser

Update the following fields in the SSO Integration by copying them from federationmetadata.xml:

  • SAML 2.0 Endpoint URL: Location

  • Identity Provider Issuer URL: entityID

  • Public (X.509) Certificate: Copy the first X509Certificate value


Q. What to do when there is an error message: ‘We’re sorry, but something went wrong’?

A. We expect a property called “email” in the SAML response, please ensure that it is mapped while setting up your configuration in ADFS.

Did this answer your question?