For users to authenticate to AuditFindings with ADFS, the ADFS server must be configured and the ADFS integration must be enabled on the AuditFindings system.
At present, AuditFindings only supports service-provider-initiated ADFS authentication. This means the end user must initiate the login process at https://secure.auditfindings.com. If ADFS is enabled for the user's domain, they will receive an authentication prompt allowing them to authenticate with Microsoft ADFS, as shown below.
These instructions are broken down into two major components.
1) Configuring the ADFS server
2) Enabling ADFS on the AuditFindings system
Configuring the ADFS server
The instructions below are generic and should apply to most ADFS installations, but there may be some variations. These instructions assume the user is familiar with configuring ADFS. If assistance is needed beyond these instructions, please contact our support staff.
Setting up ADFS integration with AuditFindings requires a Windows Server with the Active Directory Federation Services role installed and configured on the server for the domain.
Adding the Relying Party Trust:
From the AD FS Management Console (Server Manager -> Tools -> AD FS Management), select Relying Party Trusts, then select Add Relying Party Trust from the right navigation menu.
Select “Claims aware”, then click the Start button at the bottom.
Select Enter data about the relying party manually, then click the Next button.
Choose a Display name for the configuration. This can be anything that will help identify the integration.
SKIP Configure Certificate: Do NOT select a certificate in this step.
Check the box titled “Enable support for the SAML 2.0 WebSSO protocol”. Enter https://secure.auditfindings.com/adfs/saml/callback for the Relying Party SAML 2.0 SSO service URL.
Enter https://secure.auditfindings.com for the Relying party trust identifier, and click Add.
Choose your desired Access Control Policy; this controls who has access to the integration and how they will be required to sign in. The default is “Permit everyone”.
Check “Configure claims issuance policy for this application” and click Close.
The Claims issuance policy dialog should now open. Click Add Rule.
Choose Send LDAP Attributes as Claims, then click Next.
Select the following mapping to map the correct LDAP attributes to Claim types so that SAML responses are generated properly. Choose the appropriate Attribute store (probably Active Directory), then click Finish.
Right-click on the Relying Party Trust and select Properties. On the Endpoints tab, double click the SAML Assertion Consumer Endpoint.
Check the option titled “Set the trust URL as default”. Click OK, then Apply on the Properties dialog.
With the ADFS server configuration complete, the next step is to enable ADFS on the AuditFindings system.
Enabling ADFS on the AuditFindings system
With an account with administrative access rights, log into AuditFindings and go to the Admin page. Then, go to the Single Sign On Settings section and click the Microsoft ADFS tab.
Then enter your Active Directory information into the provided fields.
Status: The status dropdown allows ADFS authentication to be enabled or disabled at any time.
AD Domain: The Active Directory domain of your organization's Domain Controller.
Account Email Domain: The domain that all Active Directory users will use for their accounts.
Federation Metadata: Provide the ADFS SAML metadata, either as a URL or by pasting the XML text. An example URL would be something like:
https://{ADFS DOMAIN HERE}/FederationMetadata/2007-06/FederationMetadata.xml
Public Signing Certificate (PEM Encoded): Supply a PUBLIC certificate. This is the PEM-encoded version of the token-signing certificate WITHOUT the private key. This certificate allows AuditFindings to validate the signature on the SAML response sent back from the ADFS server.
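Because the pasted signing certificate is the trust anchor for every SAML response, it is worth checking that the PEM you paste is really the signing key advertised in the federation metadata. The following added example (not part of the AuditFindings product or this guide) parses an ADFS-style FederationMetadata.xml, extracts the signing certificate(s) as PEM, and compares a pasted PEM against them by SHA-256 fingerprint of the DER bytes; the metadata document and certificate bytes below are constructed stand-ins, and the entity and SSO URLs are assumed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed stand-in for the DER bytes of the token-signing certificate;
# real FederationMetadata.xml carries the actual X.509 certificate here.
FAKE_DER = b"constructed placeholder, not a real DER certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{base64.b64encode(FAKE_DER).decode()}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def to_pem(b64_der: str) -> str:
    """Wrap the base64 DER taken from metadata as a PEM block (public part only)."""
    body = "\n".join(textwrap.wrap("".join(b64_der.split()), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def parse_metadata(xml_text: str) -> dict:
    """Return entityID, HTTP-Redirect SSO URL and signing certs (PEM) from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    certs = [to_pem(c.text) for c in idp.findall(cert_path, NS)]
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    return {"entity_id": root.get("entityID"), "sso_url": sso[0] if sso else None,
            "signing_certs": certs}

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so line-wrapping differences in the PEM do not matter."""
    lines = [ln for ln in pem.splitlines() if ln and not ln.startswith("-----")]
    return hashlib.sha256(base64.b64decode("".join(lines))).hexdigest()

def pem_matches_metadata(pem: str, xml_text: str) -> bool:
    """True if the pasted PEM is one of the signing certificates the IdP advertises."""
    wanted = fingerprint(pem)
    return any(fingerprint(c) == wanted for c in parse_metadata(xml_text)["signing_certs"])
```

When ADFS rolls its token-signing certificate, re-run the comparison: a mismatch means the certificate pasted into AuditFindings will reject every new SAML response.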
Save settings.
Confirm the setup.
After set-up, visit https://secure.auditfindings.com and enter an email address whose domain matches the “Account Email Domain” setting used during configuration. You will see the Microsoft Federation Services option for login. No password is required for ADFS authentication.
You will be redirected to your company’s ADFS server for final authentication.