__ms_adfs__

__ms_adfs__ (__ms_adfs_short__) enables single sign-on access to through Microsoft's Windows-based authentication system, requiring specific configuration of Relying Party Trust and SAML 2.0 WebSSO protocol settings. The integration process involves setting up LDAP attribute configurations, managing metadata XML, and handling certificate requirements, with different implementation steps for Cloud customers versus self-hosted installations.

ADFS is a software component from Microsoft that runs on Windows. It can provide users with single sign-on access to .

Prerequisites

Before continuing, make sure you have __ms_adfs_short__ set up and that you have a role that allows you to modify __ms_adfs_short__. Membership in Administrators, or equivalent, is the minimum requirement.

Configure __ms_adfs__

To configure the __ms_adfs_short__ for integration with :

  1. First, add a new Relying Party Trust. Click Start, then select Enter data about the relying party manually and click Next.

  2. In the Configure URL tab, enable support for the SAML 2.0 WebSSO protocol. Use http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/acs.

  3. In the Configure Identifiers tab, add http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/metadata. In the last tab, make sure to check Configure claims issuance policy for this application.

  4. In the new pop-up, add a rule with the rule type Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Email Addresses. Then, in the Outgoing claim type table select Name ID.

  5. Now, add another rule, also with the rule type Send LDAP Attributes as Claims. In the LDAP attribute table, select Is-Member-of:DL. In the Outgoing claim type table select Group.

  6. You will need to find the metadata XML at this URL, adjusting the domain address to your domain: https://<ADFSURL_PUBLIC_URL>/FederationMetadata/2007-06/FederationMetadata.xml

  7. You will also need the entityID value as the Idp Entity Id, the URL from the <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ...> element as the Sign on URL, and the X509Certificate value as the Certificate in Base 64.

  8. If you have a self-hosted installation of , you need to save the certificate as a PEM file on the server.
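Steps 6 to 8 above are usually done by reading the metadata XML by eye. As an added example that is not part of the original page, the Python below pulls the same three values out of a FederationMetadata.xml document (entityID, the HTTP-POST SingleSignOnService URL, and the signing X509Certificate) and wraps the certificate as PEM for a self-hosted server; the metadata sample, the adfs.example.test host and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed, minimal stand-in for FederationMetadata.xml: a real file is far
# larger and carries a genuine DER certificate, not this dummy Base64 value.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://adfs.example.test/adfs/services/trust">
 <IDPSSODescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    bm90IGEgcmVhbCBjZXJ0aWZpY2F0ZQ==
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://adfs.example.test/adfs/ls/"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://adfs.example.test/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract the three values step 7 asks for from IdP metadata XML."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.get("entityID") is None or idp is None:
        raise ValueError("not SAML IdP metadata (no entityID/IDPSSODescriptor)")
    # Several SSO endpoints are listed; keep only the HTTP-POST binding.
    posts = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
             if s.get("Binding") == HTTP_POST]
    if not posts:
        raise ValueError("no HTTP-POST SingleSignOnService endpoint")
    # ADFS lists signing and encryption keys; only the signing key verifies
    # SAML responses. A KeyDescriptor with no "use" attribute covers both.
    cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if kd.get("use", "signing") == "signing" and node is not None and node.text:
            cert = "".join(node.text.split())  # drop line breaks and indentation
            break
    if cert is None:
        raise ValueError("no signing X509Certificate in metadata")
    base64.b64decode(cert, validate=True)  # reject truncated or garbled data early
    return {"entity_id": root.get("entityID"), "sso_url": posts[0],
            "certificate_b64": cert}

def to_pem(cert_b64):
    """Wrap the bare Base64 value as PEM for a self-hosted server (step 8)."""
    body = "\n".join(cert_b64[i:i + 64] for i in range(0, len(cert_b64), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
```

Run parse_idp_metadata() on the downloaded FederationMetadata.xml and write to_pem() of the certificate to the PEM path your SAML configuration expects.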

Configure to use __ms_adfs__

When __ms_adfs__ is configured to work with , you must configure to work with __ms_adfs__.

To configure __ms_adfs__ to work with , you must set the configuration variables as described in Configure SAML for Self-Hosted.

Test the __ms_adfs__ integration setup

Once all of the necessary steps to set up the __ms_adfs__ authentication for are completed, you need to test the setup.

  1. Go to a Terminal and start with the following command:

    ./run.sh

    Allow two to three minutes for to start.

  2. Connect to localhost in a browser. It should redirect you to a __ms_adfs__ login.

  3. Sign into your __ms_adfs__. You should be taken to .