Configure AD FS SSO with Engagedly

Table of contents

  1. Introduction
  2. Configure SAML SSO in Engagedly
  3. Create a relying party trust in AD FS
  4. Configure claim rules
  5. Add AD FS details to Engagedly

1. Introduction

Active Directory Federation Services (AD FS) allows users to sign in to Engagedly using their existing Windows or Active Directory credentials.

This integration helps admins enable single sign-on (SSO), centralize authentication, improve security, reduce password-related issues, and simplify user management.

📒Note: Admins and users with integration permissions are authorized to configure this integration.

For more information about SSO integrations, refer to the Overview of integrations.

📒Note: This document covers the integration setup for both Tangerine (V2) and Indigo (V3). Screenshots are captured from Indigo (V3), so the user interface may vary slightly in Tangerine.

Prerequisites

  • Install and configure AD FS on your Microsoft server.
  • Ensure users exist in AD FS with first name, last name, and email address.
  • Ensure the same users exist in Engagedly with matching email IDs.

2. Configure SAML SSO in Engagedly

Navigate to Settings > Integrations.

  1. In the "SSO" field, click SAML Single Sign On.
  2. Click ADD at the top right.
  3. Enter an identifier name as required and click SAVE.

Engagedly generates the ACS URL and Entity ID.

3. Create a relying party trust in AD FS

  1. In the “Windows Server Management”, select Tools, open AD FS Management, and select the Relying Party Trusts folder.
  2. In the right panel, click Add Relying Party Trust in the “Actions” section.
  3. Click Start to begin the setup wizard.
  4. In the left panel, click Select Data Source, select Enter data about the relying party manually, and click Next.
  5. Enter the display name as required and click Next.
  6. (Optional) Add notes after entering the display name.
  7. Select the AD FS profile, and click Next.
  8. Skip the certificate step and click Next.

Configure SAML settings
  1. Select Enable support for the SAML 2.0 WebSSO protocol.
  2. Paste the ACS URL from Engagedly into the “Relying party SAML 2.0 SSO service URL” field, and click Next.
  3. Paste the Entity ID from Engagedly into the “Relying Party Identifier” field, and click Next.
  4. Skip multi-factor authentication (MFA) unless required.
  5. Select I do not want to configure multi-factor authentication settings for this relying party trust at this time, and click Next.
  6. Select Permit all users to access this relying party and click Next.
  7. Click Close to exit.

The relying party trust is successfully created.

4. Configure claim rules

You must add two claim rules.

Rule 1: Send LDAP attributes
  1. Click Add Rule.
  2. In the “Claim rule template” drop-down, select Send LDAP Attributes as Claims and click Next.
  3. Enter a name for the claim rule as required.
  4. In the “Attribute store” drop-down, select Active Directory.
  5. In the “LDAP Attribute” and “Outgoing Claim Type” fields, select E-Mail-Address and click Finish.

Rule 2: Transform claim (Mandatory)
  1. Click Add Rule.
  2. In the “Claim rule template” drop-down, select Transform an Incoming Claim, and click Next.
  3. Enter a name for the claim rule as required.
  4. Set:
    • Incoming claim type: E-mail Address
    • Outgoing claim type: Name ID
    • Outgoing name ID format: Email Address
  5. Select Pass through all claim values and click Finish.
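The two rules above, written in AD FS claim rule language and applied from PowerShell on the AD FS server. This is an added example, not Engagedly's or Microsoft's own script; the trust display name "Engagedly" and the rule names are assumptions. It also checks rule order, because rule 2 can only transform an E-Mail Address claim that rule 1 has already issued.

```powershell
# Added example. Run in an elevated PowerShell session on the AD FS server.
# Assumption: the relying party trust was created with the display name "Engagedly".
$TrustName   = 'Engagedly'
$EmailClaim  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$NameIdClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'

# Rule 1: read the user's mail attribute from Active Directory and issue it
# as an E-Mail Address claim (GUI template: Send LDAP Attributes as Claims).
$ldapRule = @"
@RuleName = "Send e-mail address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$EmailClaim"), query = ";mail;{0}", param = c.Value);
"@

# Rule 2: pass the E-Mail Address value through as Name ID with the
# Email Address format (GUI template: Transform an Incoming Claim).
$nameIdRule = @"
@RuleName = "E-mail address to Name ID"
c:[Type == "$EmailClaim"]
 => issue(Type = "$NameIdClaim", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
"@

# Replaces the trust's existing issuance transform rules with these two, in this order.
Set-AdfsRelyingPartyTrust -TargetName $TrustName `
    -IssuanceTransformRules ($ldapRule + "`r`n" + $nameIdRule)

# Read the rules back and check what the trust will actually issue.
$rules       = (Get-AdfsRelyingPartyTrust -Name $TrustName).IssuanceTransformRules
$ldapPos     = $rules.IndexOf(';mail;')
$nameIdPos   = $rules.IndexOf($NameIdClaim)
$nameIdCount = [regex]::Matches($rules, [regex]::Escape($NameIdClaim)).Count

if ($ldapPos -lt 0 -or $nameIdPos -lt 0) {
    throw "Trust '$TrustName' is missing the LDAP rule or the Name ID rule."
}
if ($ldapPos -gt $nameIdPos) {
    Write-Warning 'The Name ID rule runs before the LDAP rule, so it has no E-Mail Address claim to transform.'
}
if ($nameIdCount -ne 1) {
    Write-Warning "Expected exactly one rule issuing Name ID, found $nameIdCount."
}
$rules
```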

5. Add AD FS details to Engagedly

Configure the relying party trust settings.

  1. Right-click the newly created Relying Party Trust and select Properties.
  2. Select the Advanced tab and then select SHA-1 from the drop-down.
  3. Select the Monitoring tab.
  4. In “AD FS Management”, paste the ACS URL (from Engagedly) into the “Relying Party’s Federation Metadata URL” field, and click Test URL.

Close the wizard if the configuration settings are correct and the test succeeds.

Get metadata
  1. In “AD FS Management”, select Service/Endpoints > Metadata > Type: Federation Metadata.
  2. Download the metadata XML file.
  3. Copy the following values, paste them into Engagedly, and click Save:
     AD FS value → Paste into Engagedly field
    • Single Sign-On URL → Identity Provider Single Sign On URL
    • Relying Party Trust Identifier → Identity Provider Issuer
    • Token-signing certificate → Identity Provider X.509 Certificate

Export certificate
  1. In “AD FS Management”, select these folders in the left panel: AD FS > Services > Certificates.
  2. In the “Token-signing” field, double-click the certificate.

  3. In the “Certificate” pop-up, open the Details tab, select Copy to File, and then click OK.
  4. In the “Certificate Export Wizard” pop-up, click Next.
  5. Select Base-64 encoded X.509 and click Next.
  6. Click Browse and follow the prompts to export the certificate.
  7. Click Finish in the “Certificate Export Wizard” pop-up.
  8. Open the downloaded certificate in a text editor and copy the entire content, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
  9. Paste the certificate content into the “Identity Provider X.509 Certificate” field in Engagedly and click SAVE.
  10. (Optional) Click Test Connection to verify the setup.
  11. Use the toggle to activate authentication using SAML and click SAVE.

Users can now sign in to Engagedly using their Active Directory credentials through AD FS SSO.
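The token-signing certificate export from the "Export certificate" steps can also be done from PowerShell on the AD FS server. This added example (not Engagedly's or Microsoft's own script) writes the primary certificate in the same Base-64 form and goes beyond the GUI steps by reporting its expiry and any pending rollover, since the certificate stored in Engagedly has to match the one AD FS signs with. The output path and the 30-day threshold are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the AD FS server.
$OutFile  = 'C:\Temp\adfs-token-signing.cer'   # assumption: placeholder output path
$WarnDays = 30                                 # assumption: constructed warning threshold

# AD FS can hold a primary and a secondary token-signing certificate.
# Assertions are signed with the primary one.
$signing = Get-AdfsCertificate -CertificateType Token-Signing
$primary = $signing | Where-Object { $_.IsPrimary } | Select-Object -First 1
if (-not $primary) { throw 'No primary token-signing certificate found.' }

# Write the certificate as Base-64 encoded X.509, including the
# -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
$cert = $primary.Certificate
$b64  = [Convert]::ToBase64String($cert.RawData,
            [System.Base64FormattingOptions]::InsertLineBreaks)
$pem  = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path $OutFile -Value $pem -Encoding Ascii

# Expiry check: SSO stops working if the certificate pasted into Engagedly
# is no longer the one AD FS signs with.
$daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
if ($daysLeft -lt $WarnDays) {
    Write-Warning "Primary token-signing certificate expires in $daysLeft days."
}

# A secondary certificate means a rollover is pending; the Engagedly field
# needs the new certificate once it becomes primary.
$secondary = $signing | Where-Object { -not $_.IsPrimary }
foreach ($s in $secondary) {
    Write-Warning "Secondary token-signing certificate present: $($s.Certificate.Thumbprint)"
}

[pscustomobject]@{
    Subject      = $cert.Subject
    Thumbprint   = $cert.Thumbprint
    NotAfter     = $cert.NotAfter
    DaysLeft     = $daysLeft
    AutoRollover = (Get-AdfsProperties).AutoCertificateRollover
    ExportedTo   = $OutFile
}
```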