How to set up an Active Directory Federation Service security provider

Audience: System administrators installing and configuring Sapho Server

Active Directory Federation Service (ADFS) is another security provider supported by Sapho that you can use to authenticate the users of Sapho micro apps.

ADFS setup

Go to the Security tab and select Active Directory Federation Service.

You’ll see the following fields in the dialog window:

  • Relying Party Identifier (RPID) - a unique identifier generated in the ADFS Management tool to properly identify Sapho Server.

    The callback URL to Sapho Server should be in the following format:
    https://:/api/v1/auth/soo
    The full setup of RPID is as follows:
  • Protocol - the protocol used to access the ADFS server. You can choose between WS-Fed, which is specific to Microsoft and IBM, or SAML, which is an open standard.
  • SSO Endpoint URL - the URL of the ADFS server.
  • Login Attribute - the name of the login attribute in the ADFS schema.
  • User Name Attribute - the name of the user name attribute in the ADFS schema.
  • Email Attribute - the name of the email attribute in the ADFS schema.

Click DONE when you are finished entering your ADFS security provider settings.

You can now set which micro apps use ADFS for access in the Micro Apps with Access section.

ADFS groups

Here’s how to use ADFS groups for access management within Sapho:

  1. Go to the Provider Details page of your ADFS security provider.
  2. Fill in the Group Attribute field according to your ADFS settings. You should use the name of the group attribute from your ADFS schema.
  3. Manually register the ADFS groups you want to use within Sapho for access management by clicking ADD NEW GROUP.
  4. Click SAVE SETTINGS.

Now, you’ll be able to use ADFS groups throughout Sapho, i.e. You can give access to micro apps based on your ADFS groups or send notifications to users based on their assigned groups.

Security requirements

To ensure that your connection is secure, we recommend you perform one of the following:

  1. Set up a reverse proxy for Sapho Server using an SSL connection, as described in the following guides:
  2. Make sure Sapho Server runs on https only.