The Active Directory team supports an Active Directory Federation Services (ADFS) installation to provide authentication to resources in Azure such as Microsoft 365. This service also provides authentication to applications that require SAML or WS-Fed authentication of Active Directory department accounts not handled by Enterprise Authentication. Customers that wish to leverage ADFS for authentication should perform the following:
Verify suitability
Applications that require SAML authentication should leverage Enterprise Authentication whenever possible. If an application can leverage Enterprise Authentication, please submit an integration request for Enterprise Authentication rather than requesting ADFS configuration
Submit the required information
Submit the following information to the Active Directory team via the Service Now form:
- The name of the application
- The name of the department or team that manages the appliation
- The official university department code of the department that manages the application
- The email address of a distribution list for the technical contacts of the application
- The EIDs for the technical contacts of the application
- The endpoint URL of the application
- AKA the Assertion Consumer Services (ACS) URL
- Service URLs are strongly preferred and specific host URLs should be avoided
- The replying party identifier of the application
- The identifier should match the endpoint URI unless a specific identifier is required by the application
- The claims requested by the application
- Any claims that require protected information may require additional approval
- Any custom multi-factor authentication (MFA) configuration required by the application
- The defaultĀ Permit everyone and require MFA policy is applied when custom configuration is not requsted