Documentation for SolarWinds Platform Self-Hosted

Configure Active Directory Federation Services for single sign-on login to the SolarWinds Platform Web Console

This topic applies to all SolarWinds Platform products.

When configuring Active Directory Federation Services (AD FS) to communicate with your SolarWinds Platform Web Console, you will be working with both AD FS and SolarWinds Platform Web Console at the same time. You need to copy information from one system into the other.

 

Task 1: Prepare the identity provider in the SolarWinds Platform Web Console

  1. Log in to the SolarWinds Platform Web Console hosted on your main SolarWinds Platform server using an administrator account.

  2. Click Settings > All Settings.

  3. In the User Accounts section, click SAML Configuration.

  4. Click Add Identity Provider.

  5. In the Enter Orion URL step, check that the external URLs are correct and adjust them if necessary.

    SolarWinds Platform Web Console External URL

    This is the URL of your SolarWinds Platform server or its DNS alias.

    Additional Web Console external URLs

    If you have additional polling engines deployed, check the URL(s) for the servers hosting the additional web console. The field should contain one of the following:

    • The address of the server hosting your Additional Web Console

      Example: https://WIN-1234567890A

    • The DNS alias of the server hosting the Additional Web Console

      Example: https://orion

    • No input

      Clear the suggested URL. When you try to log in to the Additional Web Console using SAML authentication, you'll be redirected to the primary SolarWinds Platform Web Console.

    These URLs are used to generate the URL and URI you copy into your identity provider settings.

  6. The Prepare IdP step provides the Audience URI and SSO Service URLs to be copied and pasted into the AD FS configuration.

    Keep the browser open, and continue in AD FS.

    If you have deployed additional web servers, the SSO Service URLs section includes more URLs - one for the primary SolarWinds Platform Web Console and one for each additional web server.

Task 2: Configure AD FS to communicate with the SolarWinds Platform

Mapping AD FS to the SolarWinds Platform requires that:

  • AD FS is configured on the server.
  • A token encryption certificate is available.
  • Service endpoint URL for the relying party trust is configured.

Step 1: Configure the Relying Party Trust

  1. In the Windows Server Manager, click Tools, and then select AD FS Management.

  2. Under Actions, click Add Relying Party Trust.

  3. On the Welcome page, choose Claims aware and click Start.

  4. On the Select Data Source page, click Enter data about the relying party manually, and click Next.

  5. On the Specify Display Name page, type a name in Display name. Under Notes, type a description for this party trust, and click Next.

  6. Ensure that the encryption certificate for the relying party trust is empty, and then click Next.

    Orion Platform 2018.4 does not support this certificate. Providing the certificate might cause issues.

  7. On the Configure URL page, do the following:

    1. Select the Enable support for the SAML 2.0 Web SSO protocol box.

    2. Under Relying party SAML 2.0 SSO service URL, paste the SSO Service URL from the SolarWinds Platform Web Console into Security Assertion Markup Language (SAML) service endpoint URL, such as https://hostname.domain/Orion/SamlLogin.aspx, and then click Next.

      The SolarWinds Platform Web Console must be configured to support https.

  8. Under Relying party trust identifier on the Configure Identifiers page, paste the Audience URI from the SolarWinds Platform Web Console.

    Example Audience URI: http://hostname

    You can add one or more identifiers for this relying party. When you add all required identifiers, click Next.

  9. On the Choose Access Control Policy page, select a policy and click Next. For more information, see Access Control Policies in Windows Server 2016 AD FS (© 2018 Microsoft, available at https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs, obtained on August 2, 2018).

  10. Complete the wizard.

Step 2: Configure Claim Rules for the Relying Party Trust

When you have created the Relying Party Trust, configure Claim Rules:

  1. Right-click the created Relying Party Trust and select Edit Claim Issuance Policy.

  2. Click Add Rule.

  3. From the drop-down, select Send LDAP Attributes as Claims, and click Next.

  4. Fill in the Claim rule name and pick Active Directory as an Attribute store.

  5. Next fill the Mapping of LDAP attributes as follows:

    LDAP Attribute                                 Outgoing Claim Type
    User-Principal-Name                            Name ID
    Given-Name                                     FirstName
    Surname                                        LastName
    E-Mail-Addresses                               Email
    Token-Groups - Qualified by Long Domain Name   OrionGroups

  6. You have configured your AD FS to match the SolarWinds Platform requirements. If you have an additional website deployed, configure the additional website. Otherwise, continue by exporting the certificate.

Step 3: Configure Additional Website

This step applies only if you have deployed additional web servers.

  1. In AD FS Management, right-click Relying Party Trusts, and select Properties.

  2. Select the Endpoints tab and click the Add SAML button.

  3. Set the following values and click OK.

    Field           Value
    Endpoint type   SAML Assertion Consumer
    Binding         POST
    Index           Select a value higher than existing indexes.
    Trusted URL     Your SAML login URL, such as https://hostname.domain/Orion/SAMLLogin.aspx
                    This is the URL for your additional web server. Copy it from SSO Service URLs in the SolarWinds Platform Web Console.

  4. Click Apply and then click OK.

    The additional website is configured for SAML configuration in the SolarWinds Platform.

Step 4: Export the token-signing certificate from the AD FS server

You need this certificate to complete the identity provider configuration in the SolarWinds Platform Web Console.

  1. Open AD FS and navigate to Service > Certificates.

  2. Click the Token-signing certificate.

  3. In the Actions section, click View Certificate.

  4. Click the Details tab, click Copy to File, and then click Next.

  5. Select Base-64 encoded X.509 (.CER), and click Next.

  6. Click Browse, select a location, enter a file name, and then click Save.

  7. Click Next, and then click Finish.
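
The steps of Task 2, as an added PowerShell example built on the AD FS module's cmdlets (it is not SolarWinds code and not part of the original documentation). The trust name, access control policy, export path and all URLs are placeholder assumptions, and the claim rule text is this example's rendering of the mapping table, so compare it with a rule created in the wizard before relying on it.

```powershell
# Added example: Task 2 scripted with the ADFS PowerShell module, run elevated
# on the primary AD FS server. Every value below is a placeholder; copy the real
# ones from the Prepare IdP step of the SolarWinds Platform Web Console.
Import-Module ADFS

$trustName   = 'SolarWinds Platform'            # display name (assumed)
$audienceUri = 'http://hostname'                # Audience URI from Prepare IdP
$ssoUrls     = @(                               # SSO Service URLs from Prepare IdP
    'https://hostname.domain/Orion/SamlLogin.aspx'
    # add one URL per additional web server here
)
$policyName  = 'Permit everyone'                # assumed choice (Windows Server 2016+)
$certPath    = 'C:\Temp\adfs-token-signing.cer' # export target (assumed)

# The Web Console must be served over HTTPS: refuse to register a cleartext
# assertion consumer endpoint.
foreach ($url in $ssoUrls) {
    if (([uri]$url).Scheme -ne 'https') { throw "SSO Service URL is not https: $url" }
}

# Steps 1 and 3: one SAML Assertion Consumer endpoint (POST binding) per URL,
# each with a higher index than the one before it.
$index = 0
$endpoints = foreach ($url in $ssoUrls) {
    New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $url -Index $index
    $index++
}

# Step 2: the LDAP attribute mapping from the table, in claim rule language.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SolarWinds Platform attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "FirstName", "LastName", "Email", "OrionGroups"), query = ";userPrincipalName,givenName,sn,mail,tokenGroups(longDomainQualifiedName);{0}", param = c.Value);
'@

# No -EncryptionCertificate is passed, so the encryption certificate stays empty.
Add-AdfsRelyingPartyTrust -Name $trustName -Identifier $audienceUri `
    -SamlEndpoint $endpoints -IssuanceTransformRules $rules `
    -AccessControlPolicyName $policyName

# Read the trust back and check what AD FS actually stored.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if ($trust.EncryptionCertificate) { Write-Warning 'Encryption certificate is set on the trust.' }
$trust.SamlEndpoints | Select-Object Protocol, Binding, Index, Location

# Step 4: export the primary token-signing certificate as Base-64 X.509 (.CER).
$signing = Get-AdfsCertificate -CertificateType 'Token-Signing' | Where-Object IsPrimary
$der = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64 = [Convert]::ToBase64String($der, [Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $certPath -Encoding Ascii -Value @(
    '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----')

# Values needed in Task 3: Issuer (Entity ID) and the certificate to compare.
[pscustomobject]@{
    Issuer     = (Get-AdfsProperties).Identifier
    Thumbprint = $signing.Certificate.Thumbprint
    NotAfter   = $signing.Certificate.NotAfter
    CertFile   = $certPath
}
```

Compare the printed thumbprint with the certificate shown under Service > Certificates before pasting the file contents in Task 3. If AD FS later replaces its token-signing certificate, the public certificate stored in the Web Console has to be updated to match.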

Task 3: Complete the identity provider configuration in the SolarWinds Platform Web Console

  1. Switch back to the SolarWinds Platform Web Console. You have the Add Identity Provider wizard open on the Prepare IdP step. Click Next.

  2. In the Configure step, enter your Identity Provider details:

    • Identity Provider Name: specify how the identity provider will be displayed on the login page.

      Example provider name: AD FS

    • SSO Target URL: enter the URL manually, using the example format.

      Example format: https://hostname.domain/adfs/ls

    • Issuer (Entity ID): paste the Issuer URI.

      1. Open AD FS, navigate to Service and right-click it.
      2. Select Edit Federation Service Properties, copy Federation Service Identifier, and paste it into Issuer (Entity ID).

      Example format: http://hostname.local/adfs/services/trust

    • Public Certificate: the certificate in Base64 form.

      Where do I get the certificate for AD FS?

      Open the exported certificate in a text editor and copy it, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.

  3. Save the configuration.

    When logging in to the SolarWinds Platform Web Console, users now see an additional button, Log In with <Identity Provider Name>. To enable users to log in using single sign-on, create SAML users or SAML user groups for the users.

Task 4: Define users for SAML login in the SolarWinds Platform Web Console

  1. Log in to the SolarWinds Platform Web Console using an account with Administrator privileges.

  2. Click Settings > All Settings, and then click Manage Accounts in the User Accounts section.

  3. Click Add New Account.

  4. Define the SAML individual user or group.

    Create SAML individual user account

    1. Select SAML individual account.
    2. Provide Name ID. Use the Active Directory user name, such as example.user@domain.
    3. Specify what the user can access and do, and then complete the wizard.

    Create SAML group account

    1. Select SAML group account.
    2. Provide Group ID. Use the format domain\Group Name.
    3. Specify what users in the group can access and do, and complete the wizard.

    Your users can now log in. You can also test the login in Orion SAML Configuration.
