Follow the steps below to configure SAML authentication for Azure ADFS in Applications Manager:
The first part of this process covers configuring AD FS by importing the Service Provider metadata. If you want to do this manually, start from Step 4.
1. Open the AD FS management console and click Add Relying Party Trust to open the wizard.
2. Now, in Applications Manager, navigate to Settings -> User Management -> SAML Authentication. Download the Service Provider metadata and SP certificate files using the links in the SP metadata file and SP certificate file fields, and copy the values of the Entity ID and Assertion Consumer URL fields.
3. Switch back to the AD FS window, click Start and choose the Import data about the relying party from a file option. Upload the metadata file and click Next.
After these steps, skip to step 7 of the Configuring AD FS manually section.
Configuring AD FS manually:
1. Log in to the AD FS management console and select Add Relying Party Trust.
2. Click Start, choose the Enter data about the relying party manually option and click Next.
3. In Choose Profile, select AD FS profile and click Next.
4. Select the Enable support for the SAML 2.0 WebSSO protocol option and enter the service provider URL (the Assertion Consumer URL shown in Applications Manager). Click Next.
5. In Applications Manager, copy the Entity ID. In the AD FS wizard, go to Configure Identifiers and paste the Entity ID into the Relying party trust identifier field.
6. Select the I do not want to configure multi-factor authentication settings for this relying party trust at this time option and click Next.
7. Select the Permit all users to access this relying party option and click Next.
8. In the next window, click Next.
9. Check the Open the Edit Claim Rules dialog for this relying party trust when the wizard closes option and click Close.
10. Click Add Rule. In the Claim rule template drop-down list, choose Transform an Incoming Claim and click Next.
11. Enter an appropriate Claim rule name. Choose Windows account name as the Incoming claim type, Name ID as the Outgoing claim type and Transient Identifier as the Outgoing name ID format. Select Pass through all claim values and click Finish.
12. Click Apply, then OK.
13. Next, download the Federation Metadata XML file from AD FS. It is served at the path FederationMetadata/2007-06/FederationMetadata.xml under the root URL of the AD FS server (for example, https://<adfs-server>/FederationMetadata/2007-06/FederationMetadata.xml, where <adfs-server> is your AD FS host).
14. In Applications Manager, navigate to Settings -> User Management -> SAML Authentication. Select AD FS as the IdP and Username as the Name ID. Next to Configuration by uploading, choose Metadata and upload the Federation Metadata XML file.
Once both sides are configured, SAML authentication via AD FS is enabled in Applications Manager.
You can now log in to Applications Manager with your Microsoft AD FS account from the login page.