Add AD FS as a third-party SAML identity provider

Complete this procedure to add Active Directory Federation Services (AD FS) as a third-party SAML identity provider.

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Click the plus sign icon.
  3. Configure basic identity provider settings:
    1. In the Name and Description fields, enter a name and description of the IdP.
    2. In the Provider Type menu, select Third-Party SAML.
    3. Click Continue.
  4. Complete these steps to configure general identity provider settings:
    1. Go to the General settings section or click the General tab.
    2. For Identity Intercept, select Use Akamai domain. Enter a hostname. The identity intercept is the URL for the authentication page that is presented to users.
    3. For Akamai Cloud Zone, select the cloud zone that is closest to the user base.
  5. In the Session section, use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
  6. To enable client certificate authentication, select the checkbox and configure the required parameters.
  7. In the URL field of the Authentication section, enter the URL of the AD FS portal: https://<federation-service-name>/adfs/ls
    where <federation-service-name> is the fully qualified domain name of the AD FS portal.
  8. Use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
  9. In the Advanced Settings section, select Enable Authorization.
  10. Click Save.
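
Before entering the AD FS portal URL in step 7, you can check that it has the expected form. The following is an added example, not part of the product or its documentation; the function name check_adfs_url is hypothetical, the hostnames are constructed, and accepting a trailing slash after /adfs/ls is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _is_ip(host):
    """True if host is an IPv4 or IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_adfs_url(url):
    """Return a list of problems with an AD FS portal URL (empty list = OK)."""
    if "<" in url or ">" in url:
        return ["placeholder <federation-service-name> was not replaced"]
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        problems.append("scheme must be https")
    if parts.username or parts.password:
        problems.append("URL must not embed credentials")
    host = parts.hostname or ""
    if not host:
        problems.append("missing host")
    elif _is_ip(host):
        problems.append("host is an IP address, not a fully qualified domain name")
    else:
        labels = host.rstrip(".").split(".")
        if len(labels) < 2:
            problems.append("host is a single label, not a fully qualified domain name")
        if not all(LABEL.match(label) for label in labels):
            problems.append("host contains an invalid DNS label")
    # Assumption: /adfs/ls with or without one trailing slash is accepted.
    if parts.path not in ("/adfs/ls", "/adfs/ls/"):
        problems.append("path must be /adfs/ls")
    if parts.query or parts.fragment:
        problems.append("remove the query string or fragment")
    return problems
```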

Next steps

  1. Add Active Directory to ETP. Make sure you import groups into ETP. For instructions, see Add a directory.
  2. Download and deploy an identity connector. For instructions, see Create and download an identity connector.
  3. Associate the identity connector with the AD you created. For more information, see Associate an identity connector to a directory.
  4. Assign AD to the AD FS identity provider. For more information, see Assign AD to AD FS identity provider.