To help you prepare for configuring Active Directory Federation Services (ADFS) with SAML 2.0 on your Formstack Account, we have prepared a brief introduction and overview of our configuration. Active Directory Federation Services using SAML 2.0 may be used in conjunction with Single Sign-On (SSO) Authentication (only available on Enterprise plans).
Once you have gathered these details, you may proceed with your ADFS setup in your Formstack account following this guide.
Be sure to thoroughly test your settings before confirming them. It's also a good idea to provide an alternative login option, either until you have confirmed that these settings work as intended or as a backup method.
Step 1: In Formstack
- Create a SAML 2.0 Auth Provider in Formstack
  - Logged in as the Admin User on your Account, navigate to your Account Profile page > Authentication.
Please note: the Import from URL and Import from File options fill in the Entity ID, SSO URL and x509 Certificate fields for you. Using them is not required.
Specify the Identity Provider Metadata for your ADFS server:
- Entity ID
- SSO URL
  - Example: https://ad.example.com/adfs/ls
- x509 Certificate
  - Use the token-signing certificate from your ADFS server. The certificate needs to be in DER binary format or PEM format.
- Click Save Changes to Save the Auth Provider
Step 2: On the ADFS Server
- Add a Relying Party Trust for Formstack
  - Specify the URL for the Formstack Metadata XML for the Federation metadata address
- Add a Claim Issuance Policy to send LDAP Attributes as Claims
  - The LDAP Attribute should be E-Mail-Addresses
  - The Outgoing Claim Type should be E-Mail Address
- Add a Claim Issuance Policy to Transform an Incoming Claim
  - The Incoming Claim type should be E-Mail Address
  - The Outgoing Claim type should be Name ID
  - The Outgoing name ID format should be Email
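
The Step 2 settings can also be applied from PowerShell on the ADFS server. The script below is an added example, not part of Formstack's own guide. The metadata URL is a placeholder you must replace, and the trust name, output path and the 'Permit everyone' access control policy (AD FS 2016 or later) are assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

# Placeholder: the Formstack Metadata XML URL for your account (not given on this page).
$metadataUrl = '<FORMSTACK_METADATA_XML_URL>'
$trustName   = 'Formstack'   # display name, chosen for this example

# Rule 1: Send LDAP Attributes as Claims (E-Mail-Addresses -> E-Mail Address).
# Rule 2: Transform an Incoming Claim (E-Mail Address -> Name ID, format Email).
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Create the Relying Party Trust from the federation metadata address.
# 'Permit everyone' is a built-in access control policy on AD FS 2016 and later (assumed here).
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
    -IssuanceTransformRules $rules -AccessControlPolicyName 'Permit everyone'

# Export the primary token-signing certificate in DER binary format
# for the x509 Certificate field of the Formstack Auth Provider.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
$der = $signing.Certificate.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes("$env:TEMP\adfs-token-signing.cer", $der)

# Show the values to compare against what was entered in Formstack in Step 1.
Get-AdfsRelyingPartyTrust -Name $trustName | Select-Object Name, Identifier, Enabled
$signing.Certificate | Select-Object Subject, Thumbprint, NotAfter
```

The `NotAfter` value shows when the token-signing certificate expires; the certificate stored in Formstack has to be replaced when ADFS rolls over to a new one, or sign-ins will fail signature validation.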