Version: Cloud

AD Federation Services and SAML

DISCLAIMER


This page contains third-party references. We strive to keep our content up to date; however, content referring to external vendors may change independently of Omada. If you spot any inconsistency, please report it to our Helpdesk.

Here you can find details on how to configure AD Federation Services with SAML.

Configure Omada Identity

  1. Follow the steps in the Configuring Omada Identity for Single Sign-on using SAML section.

  2. Update the IdPEndPoint in tblCustomerAuth to point to the installed ADFS server.

  3. Update the IdpIssuer and IdpAudience in tblCustomerAuth with the URL of the Omada Identity.

  4. You can update all three columns with a single query, for example:

    -- No WHERE clause: this updates every row in tblCustomerAuth.
    UPDATE tblCustomerAuth
    SET IdpEndPoint = 'https://adfs1.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml',
        IdpIssuer = 'https://enterpriseserver/logon.aspx',
        IdpAudience = 'https://enterpriseserver/logon.aspx';
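
A check you can run after step 4, as an added example that is not part of the Omada documentation: it confirms that the three tblCustomerAuth values are absolute https URLs, that IdpIssuer and IdpAudience match as in step 3, and that the document behind IdpEndPoint is IdP metadata with a signing certificate and an https sign-on endpoint. The function name `check_idp_config` and the sample metadata are constructed for illustration; use the metadata served by your own ADFS server.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of IdP federation metadata (not real ADFS output).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs1.contoso.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs1.contoso.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_config(idp_endpoint, idp_issuer, idp_audience, metadata_xml):
    """Hypothetical helper: return a list of problems, empty if all checks pass."""
    problems = []
    values = {"IdpEndPoint": idp_endpoint, "IdpIssuer": idp_issuer,
              "IdpAudience": idp_audience}
    for name, url in values.items():
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} is not an absolute https URL: {url!r}")
    # Step 3 sets both columns to the Omada Identity URL, so they should match.
    if idp_issuer != idp_audience:
        problems.append("IdpIssuer and IdpAudience differ")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["metadata has no IDPSSODescriptor"]
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        problems.append("metadata publishes no signing certificate")
    sso = idp.findall("md:SingleSignOnService", NS)
    if not sso:
        problems.append("metadata has no SingleSignOnService endpoint")
    for svc in sso:
        location = svc.get("Location", "")
        if urlsplit(location).scheme != "https":
            problems.append(f"SSO endpoint is not https: {location!r}")
    return problems
```
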

Configure AD Federation Services and SAML

  1. Open AD Federation Services, select the Relying Party Trusts folder, and click Add Relying Party Trusts.

    info

    For information about how to install the ADFS Role Service, refer to the Microsoft documentation.

    For information on how to enable the ADFS login page, refer to the Microsoft documentation.

  2. In the dialog box that opens, select Claims aware application and Start configuration.

  3. Select the Enter data about the relying party manually option and click Next.

  4. On the next screen provide the Display name and click Next.

  5. As the Relying party SAML 2.0 SSO service URL, provide the address of the Omada Identity.

  6. On the next screen add the Relying party trust identifier.

  7. For the added Relying party trust, edit the Claim Issuance Policy and add an emailClaim rule.

note

Make sure your config for the NameId looks as follows: