ADFS as Identity Provider

Active Directory Federation Services (ADFS) is a Microsoft service that enables Single Sign-On (SSO), identity federation, and secure access to web applications. When integrated with LoginRadius as a Custom Identity Provider (IdP) using SAML 2.0, ADFS allows organizations to authenticate users via their existing Active Directory credentials, streamlining access and maintaining centralized control.

With this setup, you can:

  • Use Active Directory credentials to authenticate users.
  • Extend federation capabilities to applications integrated with LoginRadius.
  • Retain centralized user management while leveraging LoginRadius features like analytics, flexible login experiences, and customer segmentation.

Key Features

Here are some key features of using ADFS as a Custom IdP with LoginRadius:

  • SAML 2.0 Federated Login: Authenticate users through ADFS using industry-standard SAML protocols.
  • Secure Assertion Exchange: Safely validate login sessions using certificate-based assertions.
  • Seamless Configuration: Easily configure ADFS as a Custom IdP via the LoginRadius Admin Console.
  • Branded Login Options: Show a custom "Login with ADFS" button on your authentication screens.
  • Complete SSO Support: Manage both login and logout flows using SAML, including Single Logout (SLO).

Use Cases

Here are some scenarios where integrating ADFS with LoginRadius is beneficial:

  • Enterprise SSO: Let employees sign in using their Active Directory accounts to access cloud or SaaS apps via LoginRadius.
  • Secure B2B Access: Grant partners access to your applications using their corporate ADFS infrastructure.
  • Customer Federation: Enable customers who use ADFS to log into your platform securely.
  • Multi-Tenant Identity Management: Handle user access for multiple business units or clients using ADFS as a centralized IdP.
  • Regulatory Compliance: Use ADFS’s security and auditing features to comply with standards like HIPAA, SOC 2, and GDPR.
  • Enhanced Security: Enforce MFA policies configured in ADFS for added protection.

Configuration

Follow these steps to create and configure a SAML 2.0 application in ADFS:

Step-by-Step Configuration

Step 1: Create an Access Control Namespace in the Azure portal by navigating to: App Services > Active Directory > Access Control

Step 2: Select the namespace you’ve created.

Step 3: From the top menu, click on Applications.

Step 4: Click the Add button to register a new application.

Step 5: Provide a name for the application in the Name field (this can be any name of your choice).

Step 6: In the Sign-On URL, enter:
https://<LR-Site-Name>.hub.loginradius.com/saml/serviceprovider/AdfsACS.aspx

Step 7: In the App ID URI, enter:
https://<LR-Site-Name>.hub.loginradius.com/

Step 8: In the Reply URL, enter:
https://<LR-Site-Name>.hub.loginradius.com/saml/serviceprovider/AdfsACS.aspx

Step 9: After adding the app, click View Endpoints. These details will be required later when configuring LoginRadius.

Step 10: To retrieve your certificate, click the Quick Start button available before the Admin Console section.

Step 11: Navigate to the Get Started section.

Step 12: Click on Enable Users to Sign On.

Step 13: Locate and open the Federation Metadata Document URL in a new browser tab.

Step 14: Within the metadata, locate the Identity Provider Certificate. You will need this certificate for the LoginRadius configuration.
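The endpoints from Step 9 and the signing certificate from Steps 13 and 14 both come out of the same Federation Metadata Document, so they can be pulled programmatically instead of by hand. The script below is an added example, not LoginRadius or Microsoft code; it parses a constructed, trimmed-down metadata document in the shape ADFS publishes (the `adfs.example.test` host and the certificate bodies are placeholders) and returns the entityID, the SSO and Single Logout endpoints, and each signing certificate with its SHA-256 fingerprint. It deliberately skips `KeyDescriptor use="encryption"` entries, since pasting the encryption certificate into the LoginRadius configuration would make every assertion fail signature validation, and it raises if no signing certificate is present.

```python
"""Extract the IdP details needed for a SAML SP configuration from ADFS metadata."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample (not real ADFS output): host name and certificate bodies are
# placeholders. A real document is fetched from the Federation Metadata Document URL.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>RU5DUllQVElPTi1DRVJULVBMQUNFSE9MREVS</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          U0lHTklORy1DRVJULVBMQUNFSE9MREVS
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Return entityID, SSO/SLO endpoints and signing certificates from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute may be used for both purposes,
        # so only an explicit use="encryption" is skipped.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # drop the line breaks ADFS inserts
            der = base64.b64decode(b64, validate=True)  # reject anything that is not base64
            digest = hashlib.sha256(der).hexdigest().upper()
            certs.append({
                "pem_body": b64,
                "sha256": ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)),
            })
    if not certs:
        raise ValueError("no signing certificate in metadata")

    def endpoint(tag: str, binding: str):
        for svc in idp.findall("md:" + tag, NS):
            if svc.get("Binding") == binding:
                return svc.get("Location")
        return None

    return {
        "entity_id": root.get("entityID"),
        "sso_redirect": endpoint("SingleSignOnService", REDIRECT),
        "sso_post": endpoint("SingleSignOnService", POST),
        "slo_redirect": endpoint("SingleLogoutService", REDIRECT),
        "signing_certs": certs,
    }


if __name__ == "__main__":
    details = parse_idp_metadata(SAMPLE_METADATA)
    print("entityID     :", details["entity_id"])
    print("SSO (POST)   :", details["sso_post"])
    print("SLO (Redirect):", details["slo_redirect"])
    for c in details["signing_certs"]:
        print("signing cert SHA-256:", c["sha256"])
```

The fingerprint is the value to compare against what the ADFS administrator reports out of band before the certificate is saved in the LoginRadius configuration; fetching metadata over HTTPS alone does not prove the document was not altered on the IdP side. Because ADFS can publish two signing certificates during a certificate rollover, the function returns a list rather than a single certificate.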

Integration Details

After configuring ADFS as a Custom IdP:

  • The ADFS login button will appear on your LoginRadius login page.
  • Users are redirected to ADFS to authenticate using their AD credentials.
  • Upon successful login, users are redirected back to LoginRadius with an active session.