SafeTitan supports the OpenID Connect (OIDC) federation protocol for SSO integration with ADFS 2016 (NOTE: earlier versions of ADFS do not support OpenID Connect). The configuration for this integration is broken into two steps, described below:

  1. Register Application in your ADFS management portal.
  2. Update Authentication Settings in your SafeTitan portal.

Register Application in ADFS Management portal

The first step is to register the SafeTitan application within the ADFS management console. This generates a Client ID (application identifier) and allows the application to receive security tokens: when SafeTitan presents that Client ID during the authentication flow, ADFS recognises it as a registered client and returns the authenticated security token to SafeTitan, which then completes the login. The steps involved in registering the application are listed below:

  • Navigate to the ADFS management console.
  • Right click on Application Groups and select Add Application Group.

  • In the wizard that appears, provide a name for the application and, under Client-Server Applications, select Web browser accessing a web application and click Next.

  • In the next step make note of the Client ID. This will be needed when configuring the application on the SafeTitan portal. The same page asks for a Redirect URI: enter the SafeTitan portal URL (https://{your domain name}) exactly as you will later enter it in the SafeTitan portal, because ADFS only returns tokens to a redirect URI that has been registered here.

  • Click Next and review the access control policy (the default is Permit everyone; select a more restrictive policy if only some users should be able to sign in to SafeTitan).

  • Click Next, review the settings on the summary page, then click Next and Close to complete the registration.

[Screenshot: Summary screen of the Add Application Group wizard]

Configuration on SafeTitan

The last step is to add the minimal configuration needed to your SafeTitan portal.

  • Log in to your SafeTitan portal as an administrative user.
  • From the menu on the left, select Settings and then Authentication Settings.

  • From the Authentication Type drop-down, select OpenID.

  • For each of the fields, provide the values:
    • Post logout redirect URI : https://{your domain name}

    • Redirect URI: https://{your domain name}

    • Authority: https://{your adfs url}/adfs (the ADFS OpenID discovery document is served at https://{your adfs url}/adfs/.well-known/openid-configuration; its issuer value must match this Authority exactly, including the scheme and the absence of a trailing path).

    • Client Id: This should be the Client Id field you will have noted earlier.

    • Client Secret: This can be left blank. The Web browser accessing a web application template registers a public client, so ADFS issues no secret; the Redirect URI registered in ADFS is what prevents tokens from being delivered anywhere else.

    • Domain Hint:

    • Username Claim: This field is not required. When left blank, it will default to preferred_username. Check which claims your ADFS farm actually issues in the id_token (the claims_supported list in the discovery document is a good starting point); if preferred_username is not among them, set this field to a claim that ADFS does issue, such as upn, otherwise logins will fail with no username.

  • Click Save
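Before saving, it is worth checking the values entered above against what ADFS advertises. The following script is an added example (not SafeTitan's or Microsoft's code): it compares the SafeTitan settings with an ADFS discovery document and reads the username claim out of an id_token for troubleshooting. The host names, the Client Id and the contents of the sample discovery document and sample id_token are constructed placeholders modelled on the ADFS 2016 format; replace them with a discovery document fetched from your own farm.

```python
"""Preflight check for the SafeTitan <-> ADFS OpenID settings (added example, not vendor code)."""
import base64
import json
from urllib.parse import urlparse

DEFAULT_USERNAME_CLAIM = "preferred_username"  # SafeTitan default when Username Claim is blank

# Constructed sample, modelled on the JSON an ADFS 2016 farm serves at
# https://{your adfs url}/adfs/.well-known/openid-configuration. Host names are placeholders.
SAMPLE_DISCOVERY = {
    "issuer": "https://adfs.example.com/adfs",
    "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.com/adfs/discovery/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "claims_supported": ["aud", "iss", "iat", "exp", "auth_time", "nonce", "at_hash",
                         "c_hash", "sub", "upn", "unique_name", "pwd_url", "pwd_exp", "sid"],
}

# Constructed sample of the SafeTitan Authentication Settings fields described in the guide.
SAMPLE_SETTINGS = {
    "post_logout_redirect_uri": "https://safetitan.example.com",
    "redirect_uri": "https://safetitan.example.com",
    "authority": "https://adfs.example.com/adfs",
    "client_id": "8e1a2c5d-0000-4000-8000-000000000001",  # placeholder, not a real Client ID
    "client_secret": "",       # blank: the ADFS template registers a public client
    "username_claim": "",      # blank: falls back to DEFAULT_USERNAME_CLAIM
}


def check_settings(settings, discovery):
    """Return a list of problems; an empty list means the settings look consistent with ADFS."""
    problems = []
    authority = settings["authority"].rstrip("/")
    issuer = discovery["issuer"].rstrip("/")
    if authority != issuer:
        problems.append(f"Authority {authority!r} does not match the ADFS issuer {issuer!r}")
    for field in ("redirect_uri", "post_logout_redirect_uri", "authority"):
        parsed = urlparse(settings[field])
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"{field} must be an absolute https URL, got {settings[field]!r}")
    if not settings["client_id"].strip():
        problems.append("Client Id is empty; copy it from the ADFS application group")
    claim = settings["username_claim"].strip() or DEFAULT_USERNAME_CLAIM
    if claim not in discovery.get("claims_supported", []):
        problems.append(f"Username Claim {claim!r} is not in claims_supported; "
                        f"set it to a claim ADFS issues, e.g. 'upn'")
    return problems


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def id_token_username(id_token, username_claim=""):
    """Read the username claim from an id_token payload WITHOUT verifying the signature.

    Troubleshooting only: it shows which claims ADFS put in the token. Application code
    must validate the signature against jwks_uri before trusting any claim.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = json.loads(_b64url_decode(parts[1]))
    return payload.get(username_claim.strip() or DEFAULT_USERNAME_CLAIM)


def make_sample_id_token():
    """Constructed id_token with claims of the kind ADFS 2016 issues; the signature is a
    placeholder, so this token must only be fed to the inspection helper above."""
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {"iss": SAMPLE_DISCOVERY["issuer"], "aud": SAMPLE_SETTINGS["client_id"],
               "sub": "constructed-subject", "upn": "jdoe@example.com",
               "unique_name": "EXAMPLE\\jdoe"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()),
                     "placeholder-signature"])


if __name__ == "__main__":
    for problem in check_settings(SAMPLE_SETTINGS, SAMPLE_DISCOVERY) or ["settings look consistent"]:
        print(problem)
    print("upn from sample id_token:", id_token_username(make_sample_id_token(), "upn"))
```

With the sample values the check reports one problem: the default preferred_username is not among the claims the sample farm advertises, so Username Claim should be set to upn. Setting it to upn, or any claim your own discovery document lists, clears the report.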

This concludes the setup. Please note that it may take one day for the changes to take effect.