AD FS | SAML

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This can be changed later.

2. Redirect Mode

Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.

3. Prepare IDP

In this step, you will configure AD FS to work with Kantega SSO. The easiest way to prepare AD FS is by using PowerShell. Copy the script; you need it in the next step.

Configure AD FS

External

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.

Log in to your AD FS server and start a PowerShell terminal window as an administrator. Then paste the PowerShell script into the terminal window and run it.

Your Atlassian application is now added as a relying party in AD FS.

Go back to the Kantega SSO setup wizard.

4. Metadata

Type the hostname of your AD FS server in the import Metadata step. Importing metadata using the AD FS host name is recommended, as it allows for automatically updating certificates. 

If your server does not have network access to the AD FS server, please download the metadata file from this URL using a browser:
https://<adfs-server.example.com>/federationmetadata/2007-06/federationmetadata.xml
and then upload the metadata file in the “Upload metadata XML file” area.

 

5. Redirect URL

No need to do anything. The Redirect URL is automatically fetched from the metadata you imported in the previous step.

 

6. Certificate

This step shows the certificate used to validate the SAML messages.
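If you uploaded the metadata file manually in step 4, you can check the signing certificate yourself before trusting it. The script below is an added example, not part of Kantega SSO or AD FS: it reads a downloaded federationmetadata.xml and prints the SHA-1 thumbprint (the form Windows shows) and SHA-256 fingerprint of each IdP signing certificate, for comparison with the certificate shown in this step. The function name and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import sys
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_signing_fingerprints(metadata_xml):
    """Return [(sha1_hex, sha256_hex)] for each IdP signing certificate."""
    root = ET.fromstring(metadata_xml)
    results = []
    for idp in root.iter("{%s}IDPSSODescriptor" % NS["md"]):
        for key in idp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without "use" serves both signing and encryption.
            if key.get("use", "signing") != "signing":
                continue
            for cert in key.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                # The element holds base64 DER, often wrapped across lines.
                der = base64.b64decode("".join((cert.text or "").split()))
                if der:
                    results.append((hashlib.sha1(der).hexdigest().upper(),
                                    hashlib.sha256(der).hexdigest().upper()))
    return results  # more than one entry is normal during a certificate rollover

# Constructed sample: placeholder bytes stand in for real DER certificates.
_SIGN = base64.b64encode(b"constructed signing cert").decode()
_ENC = base64.b64encode(b"constructed encryption cert").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://adfs-server.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_ENC}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_SIGN}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    # Pass the path of the downloaded metadata file; without it the sample is used.
    data = SAMPLE_METADATA
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    for sha1, sha256 in idp_signing_fingerprints(data):
        print("SHA-1  ", sha1)
        print("SHA-256", sha256)
```

The SHA-1 value can also be compared with the thumbprint of the token-signing certificate on the AD FS server itself.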

 

7. Summary

Check that everything looks good and submit your setup.

 

Test

Test that logging in with AD FS works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.