
Set up SAML SSO with Active Directory Federation Services (ADFS)

This page applies to: MindTouch (current)

This article reviews how MindTouch supports SAML SSO with Active Directory Federation Services (ADFS) version 2.0 and later.

The steps and screenshots below are based on the Microsoft Azure portal. They are intended to supplement an ADFS administrator's expertise, not replace it. Future Microsoft Azure and Windows Server updates may change the accuracy of this documentation.

Prerequisites


How to set up MindTouch SAML SSO with ADFS


Follow the steps below to configure MindTouch to be accessed via SAML SSO:

Step 1: Add MindTouch as an ADFS directory application

  1. Open the setup page for new applications to connect to ADFS. In Microsoft Azure, this is handled through the Active Directory panel.

Screenshot of ADFS app dialog

  2. Click Add.

Screenshot of adding app in ADFS

  3. Regardless of your version of Windows Server, you will need to provide the following information to add MindTouch as a SAML SSO service provider (SP). ADFS compares these values with the SP metadata as exact strings, so the scheme and the trailing slash must match precisely:
  • App ID URI. The unique entity ID for your MindTouch SP. It is your site's domain prefixed with http:// (not https://) and followed by a forward slash /. This value is an identifier, not a URL that ADFS fetches, which is why the scheme must be http even if your site is served over HTTPS.
    • Correct: http://example.com/
    • Incorrect: http://example.com (no trailing slash)
    • Incorrect: https://example.com/ (wrong scheme)
  • Reply URL. The URL of your MindTouch SP assertion consumer service (ACS), to which the user's browser POSTs the SAML response carrying the signed assertion. It is your hostname appended with the path /@app/saml/acs and prefixed with http:// (not https://), for example http://example.com/@app/saml/acs. There is no trailing slash on this value.
  • Federation Metadata URL. Required to allow SAML single logout (SLO). It is your hostname appended with the path /@app/saml/metadata and prefixed with http:// (not https://), for example http://example.com/@app/saml/metadata.

Screenshot of ADFS single sign-on configuration

  4. Save the configuration.
  5. (Optional) To direct users to MindTouch first and have MindTouch redirect them to your ADFS implementation to log in (an SP-initiated request), provide the following URL to your users: http(s)://<example.your.site.com>/@app/saml/login

Step 2: Configure ADFS as an IdP

  1. Click View Endpoints to open the list of SSO endpoints.

Screenshot of viewing endpoints in ADFS

  2. Download the Federation Metadata Document from the endpoint listed. This XML document contains the ADFS entity ID, its single sign-on endpoints, and the certificate MindTouch will use to verify the signature on assertions.

Screenshot of downloading federated metadata in ADFS

  3. Provide this IdP SAML metadata to MindTouch to configure your SP.
  4. Check that the following values in your SP metadata, served at https://example.com/@app/saml/metadata, match what you entered in ADFS. A mismatch in either value (including a missing trailing slash or an https:// scheme) will cause ADFS to reject the request or MindTouch to reject the response:
  • The SP metadata EntityDescriptor/@entityID attribute value should match the App ID URI in ADFS.
  • The SP metadata EntityDescriptor/SPSSODescriptor/AssertionConsumerService/@Location attribute value should match the Reply URL in ADFS.
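The following script is an added example, not MindTouch's or Microsoft's code, that automates the two parts of this procedure you can get wrong by hand: deriving the three ADFS values from a MindTouch hostname using the Step 1 rules (http:// scheme, trailing slash on the App ID URI only), and running the Step 2 check that the SP metadata's entityID and HTTP-POST AssertionConsumerService Location match them exactly. It also pulls the IdP entity ID, HTTP-Redirect SSO endpoint and signing certificate out of a federation metadata document so you can see what MindTouch receives in step 3. The metadata documents embedded below are constructed samples with a placeholder certificate; in practice you would fetch the SP metadata from your site and use the document downloaded from ADFS.

```python
"""Added example: derive ADFS values for a MindTouch SP and verify SP metadata.

Not MindTouch or Microsoft code. The sample XML below is constructed to look
like SAML 2.0 metadata; the certificate is a placeholder string, not a real cert.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def adfs_values(hostname: str) -> dict:
    """Values to enter in ADFS for a MindTouch SP, following the Step 1 rules:
    plain http:// scheme everywhere, trailing slash on the App ID URI only."""
    host = hostname.strip()
    for prefix in ("https://", "http://"):   # tolerate a pasted URL
        if host.startswith(prefix):
            host = host[len(prefix):]
    host = host.rstrip("/")
    return {
        "app_id_uri": f"http://{host}/",
        "reply_url": f"http://{host}/@app/saml/acs",
        "federation_metadata_url": f"http://{host}/@app/saml/metadata",
    }


def sp_metadata_values(xml_text: str) -> dict:
    """entityID and the HTTP-POST ACS Location from SP metadata (the document
    served at /@app/saml/metadata)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs = [e.get("Location")
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
           if e.get("Binding") == HTTP_POST]
    if len(acs) != 1:
        raise ValueError(f"expected exactly one HTTP-POST ACS, found {len(acs)}")
    return {"entity_id": root.get("entityID"), "acs_location": acs[0]}


def check_sp_against_adfs(sp_xml: str, adfs: dict) -> list:
    """Step 2 check. Returns mismatch descriptions; an empty list means the SP
    metadata agrees with ADFS. Comparison is exact: scheme and trailing slash matter."""
    sp = sp_metadata_values(sp_xml)
    problems = []
    if sp["entity_id"] != adfs["app_id_uri"]:
        problems.append(f"entityID {sp['entity_id']!r} != App ID URI {adfs['app_id_uri']!r}")
    if sp["acs_location"] != adfs["reply_url"]:
        problems.append(f"ACS Location {sp['acs_location']!r} != Reply URL {adfs['reply_url']!r}")
    return problems


def idp_metadata_values(xml_text: str) -> dict:
    """From the ADFS federation metadata document: IdP entityID, HTTP-Redirect
    SingleSignOnService endpoint(s) and signing certificate(s). A KeyDescriptor
    with no 'use' attribute is valid for signing as well as encryption."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no md:IDPSSODescriptor in metadata")
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)
           if e.get("Binding") == HTTP_REDIRECT]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(c.text.strip())
    return {"entity_id": root.get("entityID"), "sso_redirect": sso, "signing_certs": certs}


# Constructed SP metadata that follows the rules in Step 1.
SP_METADATA_OK = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://example.com/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://example.com/@app/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SP metadata with the common mistake: https:// in the entityID.
SP_METADATA_BAD = SP_METADATA_OK.replace('entityID="http://example.com/"',
                                         'entityID="https://example.com/"')

# Constructed federation metadata in the shape ADFS publishes (placeholder cert).
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTED-CERT-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    adfs = adfs_values("example.com")
    print("Enter in ADFS:", adfs)
    print("Good SP metadata problems:", check_sp_against_adfs(SP_METADATA_OK, adfs))
    print("Bad SP metadata problems:", check_sp_against_adfs(SP_METADATA_BAD, adfs))
    print("From ADFS metadata:", idp_metadata_values(IDP_METADATA))
```

To use it against a live site, replace the constructed strings with the body of https://<your-site>/@app/saml/metadata and the Federation Metadata Document you downloaded in Step 2; the checks themselves do not change. The hostname is used as typed, since the comparison ADFS performs is a string comparison and the example does not assume how MindTouch normalises case.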

Need more help?


If you are setting up SAML SSO with ADFS and have further questions, contact our Support team.

What's next?


For information on signing SP-to-IdP requests, refer to our technical notes on SAML SSO.