---
title: "SSO setup guide for ADFS"
slug: "sso-setup-guide-for-adfs"
updated: 2023-01-06T15:49:07Z
published: 2023-01-06T15:49:07Z
canonical: "docs.catchpoint.com/sso-setup-guide-for-adfs"
---


# SSO setup guide for ADFS

## Overview

ADFS (Active Directory Federation Services) is a standards-based service that allows the secure sharing of identity information between trusted business partners (known as a federation) across an extranet. When a user needs to access a Web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions.

For more information about ADFS, go to <https://msdn.microsoft.com/en-us/library/bb897402.aspx>

## What you need:

### ADFS requirements
1. An Active Directory instance where all users have an email address attribute.
2. A server running Microsoft Server 2012 or 2016. This guide uses screenshots from Server 2016R2.
3. An SSL certificate to sign your ADFS login page and the fingerprint for that certificate.

### Catchpoint requirements
1. SSO must be enabled in the portal by your Catchpoint Representative.
2. Federation Service Identifier.
3. Your ADFS token signing certificate.

## ADFS Setup
### Add Relying Party Trusts

In ADFS Management, select **Add Relying Party Trust**
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795512-mceclip0.png)
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006830911-mceclip1.png)
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795572-mceclip2.png)
 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795652-mceclip3.png)
 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006830951-mceclip4.png)
 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831011-mceclip5.png)

### Add Identifier:
**https://portal.catchpoint.com/SAML2**

Note: Do NOT add a slash "/" at the end of the identifier.

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795692-mceclip6.png)
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795752-mceclip7.png)
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831131-mceclip8.png)
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831171-mceclip9.png)
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795872-mceclip10.png)

### Add Logout Endpoint

In ADFS Management, open **Trust Relationships**, choose the **Relying Party Trust**, then on the **Action** menu click **Properties**.
![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795892-mceclip11.png)

### Select the Endpoints tab

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795912-mceclip12.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831351-mceclip13.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006795992-mceclip14.png)

Click **OK** to finish adding the endpoint.

### Export Certificate for Signature Verification

1. In AD FS Management \> Open **Service** \> Select **Certificates**
2. On the right-hand side, choose the **“Token-signing”** certificate.

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796152-mceclip15.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796172-mceclip16.png)

### Select Version \> Click Copy to File

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831451-mceclip17.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831491-mceclip18.png)

 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796292-mceclip19.png)

 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831611-mceclip20.png)

In AD FS Management \> Open Trust Relationships \> Choose the Relying Party Trust \> On the Action menu click Properties \> Select the Signature tab \> Click Add

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831711-mceclip21.png)

Select your exported certificate from the previous step.

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831751-mceclip22.png)

## Add Claim Attributes to your Relying Party Trust

In AD FS Management \> Open Trust Relationships \> Choose the Relying Party Trust \> On the Action menu click Properties \> Select Edit Claim Issuance Policy

 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831811-mceclip23.png)

### Click Add Rule

 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006831911-mceclip24.png)

### In Claim rule template \> Send LDAP Attribute as Claims

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796732-mceclip25.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796772-mceclip26.png)

### Name your Claim Rule

1. Choose **Active Directory** in the Attribute Store Dropdown
2. In the LDAP Attribute, Select **E-Mail Addresses**
3. In the Outgoing Claim Type, Select **E-Mail Address**
4. Click **OK**
5. Click **Add Rule**
6. In Claim rule template \> Select **Transform an Incoming Claim**

 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006832051-mceclip27.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006832091-mceclip28.png)

### Name your Claim Rule

1. In Incoming rule name: Select **E-Mail Address**
2. Outgoing claim type: **Name ID**
3. Outgoing name ID format: **Email**
4. Click **Add Rule**
5. In Claim rule template \> Select **Send Claim Using a Custom Rule**

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796912-mceclip29.png)

 ![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006796992-mceclip30.png)

### Name your Claim Rule

In the Custom Rule add:
`=> issue(Type = "namespace", Value = "MyAdfsSSO");`

Leave the Type attribute as “namespace”. Note that this value is case sensitive.

The Value attribute should be the namespace value in the Catchpoint portal.
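The three claim rules above should yield an assertion with an e-mail Name ID, an attribute named exactly `namespace`, and the relying party identifier as its audience. The following Python check is an added example, not Catchpoint or Microsoft code; `check_assertion`, the sample XML and the address in it are constructed for illustration, and it assumes ADFS emits the relying party identifier as the SAML `Audience`.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://portal.catchpoint.com/SAML2"  # identifier from this guide, no trailing "/"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion (not real ADFS output); placeholders are filled per case.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID Format="{fmt}">jane@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{aud}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{attr}">
  <saml:AttributeValue>MyAdfsSSO</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_namespace):
    """Return the claim-configuration problems found in a decoded SAML assertion.

    Checks claim contents only; it does not verify the XML signature.
    """
    if "<!DOCTYPE" in xml_text:  # refuse DTDs: ElementTree would expand entities
        raise ValueError("DOCTYPE not allowed in a SAML assertion")
    root = ET.fromstring(xml_text)
    problems = []

    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing (Transform an Incoming Claim rule)")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email")

    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("audience %s is not %s" % (audiences, AUDIENCE))

    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall(".//saml:Attribute", NS)}
    if "namespace" not in attrs:  # attribute name is case sensitive
        problems.append('no attribute named exactly "namespace"')
    elif expected_namespace not in attrs["namespace"]:
        problems.append("namespace value does not match the portal")
    return problems


if __name__ == "__main__":
    bad = SAMPLE.format(fmt=EMAIL_FORMAT, aud=AUDIENCE + "/", attr="Namespace")
    print(check_assertion(bad, "MyAdfsSSO"))
```

Pass it the decoded assertion from a test sign-in and the namespace value shown in the Catchpoint portal; an empty list means the three rules and the identifier are configured as this guide describes.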

## Catchpoint Setup

### Set up ADFS SSO in the Catchpoint portal

### Locating your Federation Service Identifier

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006832391-mceclip31.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006832471-mceclip32.png)

### Catchpoint SSO Settings

In the Catchpoint portal \> go to Settings \> Select SSO Identity Provider

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006797132-mceclip33.png)

![mceclip34.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360007962911-mceclip34.png)

Identity Provider Issuer: **adfs2.yourdomain.net** (see the section "Locating your Federation Service Identifier")

Single Sign-On URL: <https://adfs2.yourdomain.net/adfs/ls/IdPInitiatedSignonPage>

Logout URL: <https://adfs.yourdomain.net/adfs/ls/?wa=wsignout1.0>

Certificate: see the section "Certificate Signature".

Copying your certificate signature:

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006797332-mceclip35.png)

![mceclip37.png](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360007912912-mceclip37.png)

![](https://cdn.document360.io/cb4af8f9-6751-4fd2-b39c-07aae832badb/Images/Documentation/360006832571-mceclip36.png)

## See Also:

[Single Sign-On](https://docs.catchpoint.com/docs/legacy-single-sign-on)
