Overview
Active Directory Federation Services (ADFS) is an identity access solution that provides client computers with Single Sign-On (SSO) access to protected applications or services. Users can access these applications or services even when their accounts and applications are in completely different networks or organizations.
ADFS uses Security Assertion Markup Language (SAML) authentication and Claims-based Access Control (CBAC) authorization to ensure security across applications using the federated identity.
You must establish encrypted communication between the MVE and ADFS servers. To do so, ADFS must trust the MVE server. ADFS also contains user groups from the Active Directory (AD) server that must correspond to the required MVE user roles.
When you set up the ADFS server, the following information is required from the MVE application:
- Relying party trust identifier—https://mve-host/mve/saml
- Relying party SAML 2.0 SSO Service URL or Endpoint—https://mve-host/mve/adfs/saml
Note: In the URLs, mve-host is the IP address or FQDN of the MVE server.