2024 October Release

Configuration of Active Directory Federation Services (AD FS)Permanent link for this heading

Active Directory Federation Services can be used as identity provider. The following chapters describe how to configure AD FS for the Fabasoft Cloud.

Note: To be able to login via the mobile app you need a valid HTTPS certificate for the AD FS server.

Configure Your AD FSPermanent link for this heading

To configure your AD FS for the Fabasoft Cloud, perform the following steps:

  1. Start the “AD FS Management” (“Server Manager” > “Tools”).
  2. On the context menu of “Relying Party Trusts”, click “Add Relying Party Trust”.
  3. Select Claims aware and click “Start”.
  4. Enter the URL https://<server>/idp/saml/metadata (e.g. https://idp.cloud.fabasoft.com/idp/saml/metadata) in the Federation metadata address field and click “Next”.
    Note: Alternatively, you can download the metadata.xml from the URL and use the second option to import the file.
  5. Enter a display name and click “Next”.
  6. Choose an access control policy and click “Next”.
  7. Check the settings and click “Next”.
  8. Select Configure claims issuance policy for this application and click “Close”.
  9. Click “Add Rule” to open the “Add Transform Claim Rule Wizard”.
  10. In the Claim rule template field, select “Send LDAP Attributes as Claims” and click “Next”.
  11. Enter a rule name, add the attributes you want to send and click “Finish”.

    At least the following outgoing claim types must be defined:
    • Name ID
      The LDAP attribute that is assigned to the outgoing claim type “Name ID” must contain the user’s e-mail address, which is used for the Fabasoft Cloud log-in.
    • Surname
    • Given Name
  12. Click “OK”.
  13. On the context menu of the created relying party trust, click “Properties”.
  14. Click the “Advanced” tab, select the secure hash algorithm “SHA-256” and click “OK”.

MetadataPermanent link for this heading

The FederationMetadata.xml metadata file can be opened and saved using the following link:
https://<your AD FS>/FederationMetadata/2007-06/FederationMetadata.xml

The XML file must be uploaded to your cloud organization (“Advanced Settings” > “Login Options” > “Active Directory / SAML 2.0” action).