AD FS | SAML
1. Display name
Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This can be changed later.
2. Redirect Mode
Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.
3. Prepare IDP
In this step, you will configure AD FS to work with Kantega SSO. The easiest way to prepare AD FS is by using PowerShell. Copy the script, you need it it in the next step.
Configure AD FS
External
If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.
Login to your AD FS server and start a PowerShell terminal window as an administrator. Then paste the PowerShell script into the terminal window and run it.
Your Atlassian application is now added as a relying party in AD FS.
Go back to the Kantega SSO setup wizard.
4. Metadata
Type the hostname of your AD FS server in the import Metadata step. Importing metadata using the AD FS host name is recommended, as it allows for automatically updating certificates.
If your server does not have network access to the AD FS server, please download the metadata file from this URL using a browser: https://<adfs-server.example.com>/federationmetadata/2007-06/federationmetadata.xml
and then upload the metadata file in the “Upload metadata XML file” area.
5. Redirect URL
No need to do anything. The Redirect URL is automatically fetched from the metadata you imported in the previous step.
6. Certificate
This step shows the certificate used to validate the SAML messages.
7. Summary
Check that everything looks good and submit your setup
Test
Test that the log in with AD FS works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.