ADFS Configuration Instructions

Requirements:
  • Microsoft Windows Server 2008 R2 or higher, running ADFS 2.0 or higher.
  • Your ADFS server must be publicly reachable (through NAT or a federation proxy/Web Application Proxy) for users to authenticate from outside your local network.
  • Instructions are based on ADFS 3.0. For ADFS 2.0 servers, you may notice some slight differences in the configuration.

Configuration Instructions:

Customize your Motivosity domain name (for this example, we’ll use “abc”). While logged in with administrative rights, go to Setup > Preferences and choose your domain name.

Export your ADFS XML federation metadata. This is typically available at the following URL:

https://[adfs-server-fqdn]/FederationMetadata/2007-06/FederationMetadata.xml

In Motivosity, navigate to Setup > Integrations and paste the XML data into the SAML XML text box.

Log in to your ADFS server with administrative rights.

Open the ADFS administration console.

Navigate to Trust Relationships > Relying Party Trusts.

Select Add Relying Party Trust.

The Add Relying Party Trust wizard will open. Select Start.

Select the option to Enter Data Manually.

Provide a friendly display name and any notes desired.

Select the ADFS Profile for compatibility with SAML 2.0.

Click Next at the Configure Certificate page (skip this step).

At the Configure URL step, select Enable support for the SAML 2.0 WebSSO protocol and specify the URL https://app.motivosity.com/sso/saml in the Relying party SAML 2.0 SSO service URL field.

At the Configure Identifiers page, enter https://motivosity.com and select “Add”.

At the Configure Multifactor Authentication Now? step, click Next (skip this step).

At the Configure Issuance Authorization Rules step, select Permit All Users to access this relying party.

Select the check box to Open the Edit Claim Rules dialog for this relying party trust when the wizard closes.

Under the Issuance Transform Rules tab, click Add Rule…

Supply a rule name. For Incoming claim type, select “UPN”. For Outgoing claim type, select “Name ID”. For Outgoing name ID format, select “Email”.

Click OK. Click Apply and OK to exit the claim rules configuration.

Navigate to your custom domain (https://abc.motivosity.com). This should redirect you to log in on your ADFS page. Upon successful login, you will be redirected to your Motivosity portal.
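
The relying party trust and claim rule from the wizard steps above can also be created and reviewed with the AD FS PowerShell cmdlets. This is an added example, not part of the original instructions; the display name "Motivosity" and the rule name are assumed, and the cmdlets shown are those of ADFS 3.0 (Windows Server 2012 R2).

```powershell
# Added example: run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

$name = 'Motivosity'   # assumed friendly display name; any name works

# Configure URL step: SAML 2.0 WebSSO assertion consumer endpoint (HTTP POST binding)
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' `
    -Protocol 'SAMLAssertionConsumer' `
    -Uri 'https://app.motivosity.com/sso/saml'

# Issuance Authorization Rules step: Permit All Users
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance Transform Rules step: incoming UPN -> outgoing Name ID, format Email
$transformRules = @'
@RuleName = "UPN to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Configure Identifiers step: relying party identifier https://motivosity.com
Add-AdfsRelyingPartyTrust -Name $name `
    -Identifier 'https://motivosity.com' `
    -SamlEndpoint $endpoint `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Review what was stored: the trust should be enabled, carry exactly one
# identifier, and expose a single HTTPS assertion consumer endpoint.
$rp = Get-AdfsRelyingPartyTrust -Name $name
$rp | Format-List Name, Enabled, Identifier, IssuanceAuthorizationRules, IssuanceTransformRules
$rp.SamlEndpoints | Format-Table Protocol, Binding, Location
```

Re-running the `Get-AdfsRelyingPartyTrust` lines later is a quick way to confirm that the identifier, endpoint URL and claim rules have not been changed since setup.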