ADFS SSO Setup Guide

Full walk-through to setup and enable ADFS SSO with Tovuti.

  1. Go to People > click Single Sign-On > click New

    Screen Shot 2020-01-28 at 4.22.09 PM
  2. Enter Title and Details

  3. Go to the Service Provider Settings tab > a unique EntityID/Issuer will be created for you


Step 2: Configuring ADFS as Identity Provider (IDP)

In ADFS, click on Add Relying Party Trust


Then click on Start


 In Select Data Source: Select Enter data about the relying party manually. Click Next.


  1. In Specify Display name: Enter Display name. Click Next.
  2. In Choose Profile: Select AD FS profile. Click Next.

In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the plugin in Relying Party SAML 2.0 SSO Service URL field. Click Next.


Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the plugin in Relying Party Trust Identifier field. Click Add. Click Next


  • In Configure Multi-factor Authentication: Select I do not want to configure multi-factor authentication settings for this relying party trust. Click Next.

  • In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
  • In Ready to Add Trusts, select click Next.
  • Check Open the Edit Claim Rules dialog and click close. Click Add rule and then select Send LDAP Attributes as Claims. Enter the following:

Claim rule name

Enter claim rule name (Any). For example: Attributes

Attribute Store

Active Directory

LDAP Attribute


Outgoing Claim Type

Name ID

  • Click the Finish button.

Step 3: Finish Configuring Tovuti as Service Provider (SP)

Enter the following information found in the ADFS Setup Instructions

  1. Identity Provider Issuer
  2. Identity Provider Single Sign-on URL
  3. 509 Certificate.



Click Update and then click Test Configuration (this will show you what Attributes and Values are being sent in the ADFS SAML Assertion – this will help you map Fields and Groups



Step 4: User Profile Field and Attribute Mapping

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your Identity Provider and map them to Tovuti user attributes like firstname, lastname etc.
  • While auto registering the users in your Tovuti site these attributes will automatically get mapped to your Tovuti user details.
  • In Tovuti User Profile Field Mapping tab and fill in all the fields.


*You can check the Test Configuration Results under the Identity Provider Settings tab to get a better idea of which values to map here.

Step 5: User Group Mapping

  • While auto registering, the users are assigned roles based on the group they are mapped to.
  • Assign a default User Group
  • Enter the Attribute Name for ADFS Roles/Groups


*You can check the Test Configuration Results under the Identity Provider Settings tab to get a better idea of which values to map here.

Step 6: Enable Login Link

Go to Details Tab and click Yes for Add Login Link to Navigation select the menu that you want the link to appear on and give the link a name


Click Save and Your ADFS SSO is Now Setup

(make sure to run multiple tests to ensure that all of your settings are correct)