
Active Directory Federation Services
Active Directory Federation Services (ADFS) enables single sign-on access to LogScale through Microsoft's Windows-based authentication system, requiring specific configuration of Relying Party Trust and SAML 2.0 WebSSO protocol settings. The integration process involves setting up LDAP attribute configurations, managing metadata XML, and handling certificate requirements, with different implementation steps for LogScale Cloud customers versus self-hosted installations.
ADFS is a software component from Microsoft that runs on Windows. It can provide users with single sign-on access to LogScale.
To configure ADFS for integration with LogScale:
- First add a new Relying Party Trust. Click Start then select Enter data about the relying party manually and click . 
- In the Configure URL tab, enable support for the SAML 2.0 WebSSO protocol. Use http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/acs
- In the Configure Identifiers tab, add http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/metadata. In the last tab, make sure to check Configure claims issuance policy for this application.
- In the new pop-up, add a rule with the rule type, Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Email Addresses. Then, in the table on the right side (Outgoing claim type), select Name ID. 
- Now, add another rule, also with the rule type, Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Is-Member-of:DL. In the table on the right side (Outgoing claim type), select Group. 
- You will need to find the metadata XML at this URL, adjusting the domain address to your domain: https://<ADFSURL_PUBLIC_URL>/FederationMetadata/2007-06/FederationMetadata.xml
- You will also need the entityId as Idp Entity Id, as well as the <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" as Sign on URL, and X509Certificate as Certificate in Base 64
- If you have a self-hosted installation of LogScale, you need to save the certificate as a PEM file on the server. 
See the Active Directory FS Documentation for more information.
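The following Python example is added here and is not part of the LogScale or Microsoft documentation. It reads a federation metadata document and returns the Idp Entity Id, the HTTP-POST Sign on URL and the signing certificate as PEM text; the function name, the host adfs.example.test and the sample metadata with placeholder certificate bytes are constructed assumptions.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Only the IdP *signing* key; the metadata also carries encryption keys.
CERT_PATH = ("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/"
             "ds:X509Certificate")

def extract_idp_settings(metadata_xml):
    """Hypothetical helper: pull the three IdP values out of the metadata."""
    if "<!DOCTYPE" in metadata_xml:  # refuse DTDs, so no entity expansion
        raise ValueError("DOCTYPE not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = idp.find(f"md:SingleSignOnService[@Binding='{POST}']", NS)
    cert = idp.find(CERT_PATH, NS)
    if sso is None or cert is None or not cert.text:
        raise ValueError("HTTP-POST endpoint or signing certificate missing")
    b64 = "".join(cert.text.split())
    der = base64.b64decode(b64, validate=True)  # rejects non-base64 content
    pem = ("-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(b64, 64))
           + "\n-----END CERTIFICATE-----\n")
    # The fingerprint lets an operator compare against the ADFS server's copy.
    return {"entity_id": root.get("entityID"), "sign_on_url": sso.get("Location"),
            "certificate_pem": pem, "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder bytes stand in for real certificates.
_SIGN = base64.b64encode(b"constructed signing cert " * 4).decode()
_ENC = base64.b64encode(b"constructed encryption cert " * 4).decode()
_KD = ('<md:KeyDescriptor use="{}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}'
       '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="http://adfs.example.test/adfs/services/trust"><md:IDPSSODescriptor
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  {_KD.format('encryption', _ENC)}{_KD.format('signing', _SIGN)}
  <md:SingleSignOnService Location="https://adfs.example.test/adfs/ls/"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <md:SingleSignOnService Binding="{POST}" Location="https://adfs.example.test/adfs/ls/"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE)  # real input: FederationMetadata.xml
    print(settings["entity_id"], settings["sign_on_url"], settings["sha256"])
    print(settings["certificate_pem"], end="")
```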
Configure LogScale to use Active Directory Federation Services
Once Active Directory Federation Services is configured to work with LogScale, you must configure LogScale to work with Active Directory Federation Services.
To configure LogScale to work with Active Directory Federation Services, set the configuration variables as described in Configure SAML for LogScale Self-Hosted.