Table of contents
Topics on this page

ADFS Saml SSO Integration

  1. Define Cloud Conformity in your identity provider as a service by one of the following options:
    1. Import Cloud Conformity Service Provider metadata under Relying party trusts.

      The latest metadata is available at these URLs:
    2. Define Cloud Conformity as a service provider manually:
  2. Set Default Relay State:
    (This is to enable IdP-initiated sign-on)
  3. In Claim Rules dialog, select Send LDAP Attributes as Claims and make sure email address, given name, and surname claims are enabled.

  4. Configure role mapping

    • Depending on how you manage your groups, send a group membership claim to map to user role in Cloud Conformity. Users coming through ADFS, can take any of the four supported roles in Cloud Conformity:
      • Admin: This role is the organisation administrator and has full access to everything in Cloud Conformity.
      • Power user: This role has full access to all accounts but no organisation-level access, e.g. cannot manage users or add accounts.
      • Read-only: Similar to power user but only with read-only access to all accounts.
      • Custom: Custom users have no access by default and can be granted fine-grained permissions after their first sign-on, by an organisation administrator.
  5. Download and provide us with your identity provider metadata file. ADFS SAML 2.0 metadata should be accessible here: https://ADFS_DOMAIN/FederationMetadata/2007-06/FederationMetadata.xml

Once you have provided identity provider metadata, a member of our team will import it to Cloud Conformity as a trusted identity provider and can begin verifying the integration.

Please contact our support team for additional help.