Configuration
v3.7.2
Search this version
Configuration
Configuration
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Integrate with Active Directory Federation Services
Summarize Page
Copy Markdown
Open in ChatGPT
Open in Claude
Connect to Cursor
Connect to VS Code
Below you can find a step by step tutorial on how to integrate Active Directory Federation Services IdP with MetaDefender Managed File Transfer using the OpenID Connect protocol.
- Open the Server Manager Desktop App and navigate to Tools → AD FS Management
- Inside the AD FS Management app navigate to Application Groups → Add Application Group
- Enter a descriptive name for the application group and select the Server application accessing a web API template
- To find the Login redirect URI
- Go to MetaDefender Managed File Transfer web console and navigate to Settings → Single Sign-On
- Turn on Enable Single Sign-On
- Add the copied URI to the list of known redirect endpoints and save the Client Identifier for later use
- We will require a client secret, so select the Generate a shared secret action and copy the generated GUID for later use
- Add the client identifier (generated at step 5) to the list of known clients
- Choose which users will be allowed to authenticate. For the purpose of this tutorial we will be allowing everyone
- Last but not least we must configure the allowed scopes.
It is mandatory to select:
- openid → for enabling the OpenID Connect protocol
- profile → to receive the user’s name related claims (upn, display_name, first_name, last_name)
- email → to receive the user’s email claim (necessary for administrator role asignment)
- allatclaims → to allow the profile and email related claims to be contained in the identity token, since AD FS does not allow loading profile related claims from the userinfo endpoint
- After the above setup is complete, the newly created application group should be displayed in the application groups list
- There is just one more step to complete on the AD FS server side, attribute to claim mapping. Double click the newly created application group and edit the Web API
- Navigate to the Issuance Transform Rules tab and click Add Rule…
- Select the Send LDAP Attributes as Claims template and click Next
- Select Active Directory as an Attribute store and create the following mappings.
MetaDefender Managed File Transfer recognizes the following claims:
- upn (required)
- email (required)
- name (optional)
- given_name (optional)
- family_name (optional)
- Click Finish and Apply
- On Managed File Transfer's side, input the Client ID (created at step 5) and Client Secret (created at step 6)
- In case of misplacement, the Client ID and Client Secret can be fetched by accessing the application group’s affiliated server application
- Add relevant Administrator Emails to select which users should be granted administrator rights and add the allatclaims scope to Integration Scopes
- If everything is ready, click Update.
Testing the integration
To test the integration:
- Log out of MetaDefender Managed File Transfer
- You will notice that there is a new Sign In with SSO button on the login page
- Click Sign In with SSO. You should be redirected to Active Directory Federation Services to login. Once logged in, you will be redirected back to MetaDefender Managed File Transfer and automatically logged in.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Next to read:
Microsoft Entra IDnull
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message
On This Page