The Active Directory team supports an Active Directory Federation Services (ADFS) installation to provide authentication to resources in Azure such as Microsoft 365. This service also provides authentication to applications that require SAML or WS-Fed authentication of Active Directory department accounts not handled by Enterprise Authentication. Customers that wish to leverage ADFS for authentication should perform the following:
Verify suitability
Applications that require SAML or OIDC authentication should leverage Enterprise Authentication whenever possible. If an application can leverage Enterprise Authentication, please submit an integration request for Enterprise Authentication rather than requesting ADFS configuration
...
Submit the following information to the Active Directory team via the Service Now form:
The name of the application
The name of the department or team that manages the
...
application
The official university department code of the department that manages the application
The email address of a distribution list for the technical contacts of the application
The EIDs for the technical contacts of the application
The
...
authentication method used by the application
SAML, WS-Fed, or OIDC
The metadata URL(s) of the application
...
SAML: the Assertion Consumer Services (ACS) URL
WS-Fed: the endpoint URL
OIDC: the redirect URL(s)
Service URLs are strongly preferred
...
; URLs to specific hosts be avoided
The
...
identifier(s) of the application
The identifier should match the
...
URL unless one or more specific identifiers are required by the application
The claims and/or scopes requested by the application
Any claims that require protected information may require additional approval
Any custom multi-factor authentication (MFA) configuration required by the application
The defaultĀ Permit everyone and require MFA policy is applied when a custom configuration is not
...
requested