Using ADFS for Windows Single Sign On (SSO)

Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

ADFS SSO: Single sign-on access to systems and applications located across organizational boundaries

Sign Up

ADFS - Windows Single Sign-On (SSO)

Active Directory Federation Services (ADFS) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity.

Let us take an example to show you how to implement ADFS for miniOrange Windows Single Sign On

Installing Active Directory

Login to Windows Azure VM
Open the Server Manager from the task bar.
From Server Manager Dashboard select Add roles and features. This will launch the Roles and Features Wizard allowing for modifications to be performed on the Windows Server 2012 instance

ADFS SSO Server Manager Dashboard

Select Role-based or features-based installation from the Installation Type screen and click Next.
Note: Roles are the major feature sets of the server, such as IIS, and features provide additional functionality for a given role.

ADFS SSO features-based installation

The current server is selected by default. Click Next to proceed to the Server Roles tab.

ADFS SSO Server Roles tab

From the Server Roles page place a check mark in the box next to Active Directory Domain Services. A notice will appear explaining additional roles services or features are also required to install domain services, click Add Features.
Note: There are other options including, Certificate services, federation services, lightweight directory services and rights management. Domain Services is the glue that holds this all together and needs to be installed prior to these other services.

ADFS SSO features wizard

Review and select optional features to install during the AD DS installation by placing a check in the box next to any desired features; Once done click Next.

ADFS SSO AD DS installation

Review the information on the AD DS tab and click Next.

ADFS SSO AD DS

Review the installation and click Install.
Note: The installation progress will be displayed on the screen. Once installed the AD DS role will be displayed on the 'Server Manager' landing page.

ADFS SSO Server Manager

Configuring Active Directory

Open the Server Manager from the task bar.
Open the Notifications Pane by selecting the Notifications icon from the top of the Server Manager. From the notification regarding configuring AD DS click Promote this server to a domain controller

ADFS SSO domain controller

From the Deployment Configuration tab select Add a new forest from the radial options menu. Insert your root domain name into the Root domain name field.

ADFS SSO Root domain

Review and select a Domain and Forest functional level. Once selected fill in a DSRM password in the provided password fields. The DSRM password is used when booting the Domain Controller into recovery mode.

ADFS SSO Forest functional level

Review the warning on the DNS Options tab and select Next.

ADFS SSO DNS Options

Confirm or enter a NetBIOS name and click Next.

ADFS SSO NetBIOS

Configure the location of the SYSVOL, Log files, and Database folders and click Next.

ADFS SSO SYSVOL

Review the configuration options and click Next.

ADFS SSO configuration

The system will check to ensure all necessary prerequistes are installed on the system prior to moving forward. If the system passes these checks you will proceed by clicking Install.
Note: The server will automatically be rebooted once the installation completes.

ADFS SSO prerequistes

Once reboot is complete, the Active Directory is setup and configured.

Set up ADFS

After starting up server manager, Add Roles and Features wizard, select Active Directory Federation Services, then click Next.

Set up ADFS SSO

We require only .NET 4.5 Features. Select these adn click on Next

ADFS SSO .NET 4.5 Features

ADFS SSO Roles & Features

Clicking next will then install the necessary bits.

ADFS SSO Roles & Features wizard

ADFS SSO Roles & Features results

Installation is complete. You can launch the ADFS configuration wizard from here, or alternatively if this window is closed it can be launched from server manager.

ADFS configuration wizard

In the ADFS Configuration Wizards, you are given an option to either make a new ADFS farm or add to an existing farm. Select to create a new ADFS farm

ADFS SSO farm

Provide your Active Directory Domain admin credentials.

Active Directory Domain admin credentials

Select the SSL Certificate that you downloaded from miniOrange Admin Console Policy Page and provide the Federation Service Display Name

ADFS SSO Policy Page

Select the database configuration

ADFS SSO database configuration

Review the options and click Next

ADFS SSO Review

The ADFS pre-requisite checks are done, and we can proceed to the configuration

ADFS SSO pre-requisite checks

ADFS SSO Setup completion

ADFS Setup is now complete

For Further Details:

httpss://kb.itglue.com/hc/en-us/articles/227391067-Configuring-single-sign-on-SSO-with-ADFS
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings

We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.

Please call us at +1978 658 9387 (US), +91 77966 99612 (India) or email us at info@xecurify.com