ADFS
Configure Single Sign-On (SSO) with Active Directory Federation Services (ADFS) to enable seamless authentication for your ept AI users using their existing Active Directory credentials.
Overview
The ADFS SSO integration enables your ept AI users to:
- Sign in using their existing Active Directory credentials
- Access ept AI without creating separate accounts
- Benefit from Windows Server's enterprise security features
- Use existing Active Directory group memberships and policies
This integration supports SAML 2.0 authentication and integrates with on-premises Active Directory environments.
Prerequisites
Before setting up the ADFS SSO integration, ensure you have:
- ADFS Server: Active Directory Federation Services server configured
- Admin Access: ADFS administrator access
- ept AI Setup: Your ept AI instance configured and ready
- Network Access: Ability to reach the ADFS server from ept AI
Setup Instructions
Step 1: Configure Relying Party Trust in ADFS
- Create New Relying Party Trust:
  - Open ADFS Management console
  - Navigate to ADFS > Trust Relationships > Relying Party Trusts
  - Click "Add Relying Party Trust"
- Configure Trust Settings:
  - Display name: "ept AI"
  - Identifier: https://your-ept-ai-domain.com/saml/metadata
  - Click "Next"
- Configure Endpoints:
  - SAML 2.0 SSO service URL: https://your-ept-ai-domain.com/saml/acs
  - SAML 2.0 SSO service binding: HTTP POST
  - Click "Next"
- Configure Claim Rules:
  - Add claim rules for user attributes:
    Email -> user.email
    First Name -> user.firstName
    Last Name -> user.lastName
    Groups -> user.groups
Step 2: Configure ept AI for ADFS SSO
- Access SSO Settings:
  - Log into your ept AI admin dashboard
  - Navigate to Configuration > Users > SSO Settings
  - Click "Configure SSO"
  - Select "ADFS" as the SSO provider
- Configure SAML Settings:
    SSO Provider: ADFS
    Entity ID: https://your-ept-ai-domain.com/saml/metadata
    ACS URL: https://your-ept-ai-domain.com/saml/acs
    ADFS URL: https://your-adfs-server.domain.com/adfs/ls
    Signing Certificate: [Export from ADFS]
Configuration Options
Authentication Settings
- SAML 2.0: Full SAML 2.0 protocol support
- Certificate Management: Upload and manage SAML signing certificates
- Session Management: Configure session timeouts and renewal
- Logout: Configure single logout (SLO) behavior
User Provisioning
- Just-in-Time (JIT): Automatically create users on first sign-in
- Attribute Mapping: Map ADFS claims to ept AI user properties
- Group Synchronization: Sync Active Directory groups to ept AI roles
- User Updates: Automatically update user information from Active Directory
Use Cases
Enterprise Authentication
- Centralized Identity: Use existing Active Directory accounts for ept AI access
- Security Compliance: Meet enterprise security and compliance requirements
- User Management: Leverage Active Directory's user lifecycle management
- Access Control: Use Active Directory group policies for access control
On-Premises Integration
- Hybrid Environments: Support organizations with on-premises Active Directory
- Existing Infrastructure: Leverage existing ADFS investments
- Group Management: Use existing Active Directory group structures
- Policy Enforcement: Apply existing Active Directory policies
Best Practices
Security Configuration
- Certificate Management: Regularly rotate SAML signing certificates
- Claim Security: Only request necessary user claims
- Access Policies: Configure appropriate access policies in ADFS
- Audit Monitoring: Monitor SSO authentication logs regularly
Integration Management
- Testing: Regularly test the SSO integration
- Documentation: Maintain up-to-date configuration documentation
- Monitoring: Monitor integration health and performance
- Updates: Keep both ADFS and ept AI updated
Troubleshooting
Common Issues
Authentication Failures:
- Verify SAML certificate is valid and not expired
- Check claim mapping configuration
- Verify ACS URL and Entity ID match exactly
- Review ADFS relying party trust configuration
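The checks above can be run on the ADFS server with the ADFS PowerShell module. This is an added example, not part of the original guide or of ept AI's tooling; the trust name "ept AI" and both URLs are the placeholders used on this page, and the 30-day warning threshold is an assumption.

```powershell
# Added example: read-only checks on the ADFS server (no settings are changed).
# Assumptions: trust display name and URLs are the placeholders from this page.
Import-Module ADFS

$TrustName = 'ept AI'
$EntityId  = 'https://your-ept-ai-domain.com/saml/metadata'
$AcsUrl    = 'https://your-ept-ai-domain.com/saml/acs'
$WarnDays  = 30   # constructed threshold for "expiring soon"

$findings = @()

$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rp) {
    $findings += "Relying party trust '$TrustName' not found"
} else {
    if (-not $rp.Enabled) { $findings += 'Relying party trust is disabled' }

    # Case-sensitive comparison: a case change or trailing slash counts as a mismatch.
    if ($rp.Identifier -cnotcontains $EntityId) {
        $findings += "Identifier mismatch, ADFS has: $($rp.Identifier -join ', ')"
    }

    # The assertion consumer endpoint must carry the exact ACS URL over HTTP POST.
    $acs = @($rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
    $ok  = @($acs | Where-Object { ([string]$_.Location -ceq $AcsUrl) -and ($_.Binding -eq 'POST') })
    if ($ok.Count -eq 0) {
        $seen = ($acs | ForEach-Object { "$($_.Binding) $($_.Location)" }) -join '; '
        $findings += "No POST assertion consumer endpoint equals $AcsUrl (found: $seen)"
    }
}

# Token-signing certificates: flag expired or soon-to-expire ones and print the
# thumbprint so it can be compared with the certificate uploaded to ept AI.
$now = Get-Date
foreach ($c in (Get-AdfsCertificate -CertificateType Token-Signing)) {
    $cert = $c.Certificate
    $days = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    '{0} primary={1} notAfter={2:yyyy-MM-dd} daysLeft={3}' -f $cert.Thumbprint, $c.IsPrimary, $cert.NotAfter, $days
    if ($now -lt $cert.NotBefore) { $findings += "Certificate $($cert.Thumbprint) is not yet valid" }
    if ($days -lt 0) { $findings += "Certificate $($cert.Thumbprint) has expired" }
    elseif ($days -lt $WarnDays) { $findings += "Certificate $($cert.Thumbprint) expires in $days days" }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } } else { 'All checks passed' }
```

If a secondary token-signing certificate is listed, ADFS is preparing a rollover; the new certificate has to be uploaded to ept AI before it becomes primary.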
User Provisioning Issues:
- Check claim mapping in both ADFS and ept AI
- Verify user claims are being sent correctly
- Review user creation and update rules
- Check group synchronization settings
Getting Help
- ADFS Documentation: ADFS Configuration Guide
- SAML Testing: SAML Tracer browser extension
- Support: Contact support@ept.ai for integration assistance
Related Resources
- Users - Manage user access and permissions
- Active Directory Integration - Direct Active Directory integration
- Azure AD Integration - Cloud-based alternative