Active Directory Federation Service

Active Directory Federation Service (ADFS) enables single sign-on access to LogScale through Microsoft's Windows-based authentication system, requiring specific configuration of Relying Party Trust and SAML 2.0 WebSSO protocol settings. The integration process involves setting up LDAP attribute configurations, managing metadata XML, and handling certificate requirements, with different implementation steps for LogScale Cloud customers versus self-hosted installations.

ADFS is a software component from Microsoft that runs on Windows. It can provide users with single sign-on access to LogScale.

Prerequisites

Before continuing, make sure you have ADFS set up and that you have a role that allows you to modify ADFS. Membership in Administrators, or equivalent, is the minimum requirement.

Configure Active Directory Federation Service

To configure ADFS for integration with LogScale:

  1. First add a new Relying Party Trust. Click Start then select Enter data about the relying party manually and click Next.

  2. In the Configure URL tab, enable support for the SAML 2.0 WebSSO protocol. Use http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/acs.

  3. In the Configure Identifiers tab, add http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/metadata. In the last tab, make sure to check Configure claims issuance policy for this application.

  4. In the new pop-up, add a rule with the rule type Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Email Addresses. Then, in the Outgoing claim type table select Name ID.

  5. Now, add another rule, also with the rule type Send LDAP Attributes as Claims. In the LDAP attribute table, select Is-Member-of:DL. In the Outgoing claim type table select Group.

  6. Find the metadata XML at this URL, adjusting the domain address to your domain: https://<ADFSURL_PUBLIC_URL>/FederationMetadata/2007-06/FederationMetadata.xml

  7. From that metadata you will also need the entityID as Idp Entity Id, the Location of the <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"> element as Sign on URL, and the X509Certificate as Certificate in Base 64.

Configure LogScale to use Active Directory Federation Service

Once Active Directory Federation Service is configured to work with LogScale, you must configure LogScale to work with Active Directory Federation Service.

Important

For Cloud customers, gather the information on Requirements for identity provider configuration and Configure SAML for LogScale Cloud, then contact Support to set up your chosen IdP service.