
Copyright © Keepnet Labs LTD. All rights reserved.

How to Configure SAML on ADFS


Last updated 10 months ago


This document explains how to integrate the Microsoft AD FS (Active Directory Federation Services) identity provider with the platform over SAML, so that you can log in to the platform with your AD FS account.

Ensure that ports 80 and 443 are open between the platform and the identity provider. If the required ports are not open between the identity provider and the platform, an error will occur in the authentication step.

How to Configure SAML

Log in to the platform as a privileged user who can access the SAML settings, and then follow this document to fill in the required fields under the ‘SAML Configuration For Platform’ section.

Adding a Relying Party

Please follow the steps below to add the platform to the relying party trusts.

  • Open the ADFS console.

  • Click the Relying Party Trust option on the left, and then click the Add Relying Party Trust button on the right.

  • Click the Start button in the Add Relying Party Trust Wizard window.

  • Select the Claims Aware option and click the Next button.

  • On the Select Data Source page, click Import data about the relying party from a file. In the Federation metadata file location field, select the metadata file you downloaded from the platform.

  • Specify a display name on the Specify Display Name page for display purposes, and click the Next button.

  • On the Access Control Policy page, select the Permit Everyone option and click the Next button.

  • Click the Next and then Close buttons to complete the process.

Adding a Claims Rule

  • Add a rule.

  • Click on Relying Party Trusts in the left menu to open the Edit Claim Rules page, then right-click on the configuration with the display name specified in the steps above and click on Edit Claim Rules.

  • Click Add Rule on the Issuance Transform Rules tab.

  • On the Select Rule Template page, select Send LDAP Attributes as Claims and click the Next button.

  • Specify a name in the Claim Rule Name field and select Active Directory in the Attribute Store field.

  • Add the following attributes to the outgoing claim types table.

| LDAP Attribute (select or type to add more) | Outgoing Claim Type (select or type to add more) |
|---|---|
| Given-Name | firstname |
| Surname | lastname |
| Telephone-Number | phonenumber |
| User-Principal-Name | Name ID |
| spRole | CompanyAdmin |

  • Then click Finish > Apply > OK to close the wizard.

The spRole value depends on your configuration. It can be CompanyAdmin, Reseller, or a custom role you have created.

The Name ID is equal to the Email Address field on the platform. The system user must be created on the platform with the email address stored in the User-Principal-Name attribute on ADFS, and must log in to the platform with that email address.

Reviewing Relying Party Configuration

  • Open the ADFS console.

  • Click the Relying Party Trust option on the left, and then click Edit on the relying party trust you created.

  • On the Properties menu, go to the Advanced menu and then choose the SHA-1 hash algorithm.

  • On the Properties menu, go to the Signature menu. For verification, ask the support team for the platform certificate or download it from the SAML settings menu on the platform.

  • Click Apply to save changes.
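The review steps above can also be run as a read-only check from PowerShell on the AD FS server. This is an added example, not part of the vendor's documentation; the display name 'Keepnet Platform' is a placeholder for the name you chose in the wizard, and the script assumes the AD FS PowerShell module on AD FS 2016 or later.

```powershell
# Added example: read-only review of the relying party trust built in this guide.
# Run in an elevated PowerShell session on the AD FS server. Nothing is modified.
Import-Module ADFS

# Assumption: placeholder, replace with the display name entered in the wizard.
$DisplayName = 'Keepnet Platform'

$rp = Get-AdfsRelyingPartyTrust -Name $DisplayName
if (-not $rp) { throw "No relying party trust named '$DisplayName' was found." }

# Outgoing claim types from the table in "Adding a Claims Rule".
# AD FS stores Name ID in the rule text under its full claim type URI.
$expectedClaims = [ordered]@{
    'firstname'   = 'firstname'
    'lastname'    = 'lastname'
    'phonenumber' = 'phonenumber'
    'Name ID'     = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
    'spRole'      = 'spRole'
}
# Signature algorithm URI that corresponds to the SHA-1 choice on the Advanced tab.
$sha1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

$results = @()
$results += [pscustomobject]@{ Check = 'Trust enabled'
    Pass = [bool]$rp.Enabled; Detail = ($rp.Identifier -join ', ') }
$results += [pscustomobject]@{ Check = 'Access control policy is Permit everyone'
    Pass = ($rp.AccessControlPolicyName -eq 'Permit everyone')
    Detail = $rp.AccessControlPolicyName }
$results += [pscustomobject]@{ Check = 'Hash algorithm matches the guide (SHA-1)'
    Pass = ($rp.SignatureAlgorithm -eq $sha1); Detail = $rp.SignatureAlgorithm }

# The Signature tab should hold the platform certificate, and it must not be expired.
$cert = $rp.RequestSigningCertificate | Select-Object -First 1
$results += [pscustomobject]@{ Check = 'Platform signing certificate present and valid'
    Pass = ($null -ne $cert -and $cert.NotAfter -gt (Get-Date))
    Detail = if ($cert) { "$($cert.Thumbprint) expires $($cert.NotAfter)" } else { 'none' } }

# Each expected claim type must appear, quoted, in the issuance transform rules.
foreach ($name in $expectedClaims.Keys) {
    $pattern = [regex]::Escape('"' + $expectedClaims[$name] + '"')
    $results += [pscustomobject]@{ Check = "Claim rule issues $name"
        Pass = [bool]($rp.IssuanceTransformRules -match $pattern)
        Detail = $expectedClaims[$name] }
}

$results | Format-Table -AutoSize -Wrap
```

Any row with Pass set to False points to the wizard page or Properties tab that needs to be revisited.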

Additional AD FS SAML Documents

For more information about AD FS SAML configuration, with screenshots, see the ComponentSpace AD FS integration guides listed at the end of this page.

How to Test SAML Configuration

After you have completed the SSO requirements, you can log in to the platform by following the steps below to make sure SSO works successfully.

  • Make sure the admin who will log in to the platform over SAML has been created in the platform under the Company > System Users page.

  • Access the platform's login page.

  • In the Username or Email field, enter the user email address of the domain defined for AD FS SAML. You will then be directed to your company's AD FS SSO page in the SAML definition, where you can log in to the platform with your Active Directory account.

FAQ

Q: Is the two-factor authentication (2FA) of users valid for a SAML log in?

A: No. The platform automatically disables the 2FA for a SAML log-in.

Additional AD FS SAML documents:

  • ComponentSpace ADFS Claims Provider Integration Guide.pdf (1MB)

  • ComponentSpace ADFS Relying Party Integration Guide.pdf (2MB)