Add AD FS as a third-party SAML identity provider
Complete this procedure to add Active Directory Federation Services (AD FS) as a third-party SAML identity provider.
In the navigation menu, select .
Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- Click the plus sign icon.
Configure basic identity provider settings:
- In the Name and Description fields, enter a name and description of the IdP.
- In the Provider Type menu, select Third-Party SAML.
- Click Continue.
Complete these steps to configure general identity provider settings:
- Go to the General settings section or click the General tab.
- For Identity Intercept, select Use Akamai domain. Enter a hostname. The identity intercept is the URL for the authentication page that is presented to users.
- In the Akamai Cloud Zone, select a cloud zone that is closest to the user base.
- In the Session section, use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
- To enable client certificate authentication, select the checkbox and configure the required parameters.
- In the URL field of the Authentication section, enter the URL of the AD FS portal:
https://<federation-service-name>/adfs/ls
where <federation-service-name> is the fully qualified domain name of the AD FS portal.
- Use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
- In the Advanced Settings section, select Enable Authorization.
- Click Save.
- Add Active Directory to ETP. Make sure you import groups into ETP. For instructions, see Add a directory.
- Download and deploy an identity connector. For instructions, see Create and download an identity connector.
- Associate the identity connector with the AD you created. For more information, see Associate an identity connector to a directory.
- Assign AD to the AD FS identity provider. For more information, see Assign AD to AD FS identity provider.