# Single Sign-on with Microsoft ADFS

Platform9 supports Single Sign On with Microsoft Active Directory Federation Services (ADFS). This tutorial describes the procedure for configuring ADFS as a SAML Identity Provider in Platform9 Managed OpenStack.

## Prerequisites

The following components must be installed and properly configured before attempting Platform9 SSO integration with ADFS.

* Windows Server
* Active Directory
* Active Directory Federation Services

### Step 1. Create Relying Party Trust

1\. Open the ADFS management console.

2\. Click on the top level folder **(ADFS 2.0)** and click **Add Relying Party Trust** from the Actions menu.

3\. Click **Start** to begin configuring a Relying Party Trust.

4\. Choose to **Import data about the relying party published online or on a local network**. Then click **Next**.

5\. Enter the **Federation metadata address**. Then click **Next**.

Set it to:

{% tabs %}
{% tab title="None" %}

```none
https://<account fqdn>/Shibboleth.sso/Metadata
```

{% endtab %}
{% endtabs %}

6\. Optionally change the **Display name**. Then click **Next**.

7\. Choose **I do not want to configure multi-factor authentication settings for this relying party trust at this time.** Then click **Next**.

8\. Choose **Permit all users access to this relying party**. Then click **Next**.

Review the Relying Party Trust configuration, and click **Next**. Leave the **Open the Edit Claim Rules dialog...** box checked, and click **Close**.

### Step 2. Add Outgoing Claim Rules

Add **Outgoing Claim Rules** as needed. These attributes are added to the SAML Assertion Response and sent to the Platform9 environment via HTTP POST. They can be used to create mappings in OpenStack, which associate ADFS users with resources in OpenStack. At a minimum, the attributes **FirstName** and **LastName** of the user are needed.

### Step 3. Complete remaining SSO setup instructions

Follow this [article](/managed-openstack/5.8/authentication-and-authorization/single-sign-on-sso.md) to complete your single sign-on configuration.

When requesting that SSO be enabled in your environment, please provide Platform9 with a copy of the ADFS metadata, or a publicly accessible URL where we can access the metadata. The ADFS metadata can be found at:

{% tabs %}
{% tab title="None" %}

```none
https://<ADFS HOSTNAME>/FederationMetadata/2007-06/FederationMetadata.xml
```

{% endtab %}
{% endtabs %}

