How to configure Microsoft AD FS for access to the Aidbox UI

Create application group for Aidbox in AD FS

To create application group for Aidbox:

1. Open AD FS Management console

2. Open the Application Groups item in the left sidebar

3. Press the Add Application Group button in the right sidebar

4. On the Welcome page of the Wizard

   1. Define the name of the application

   2. Provide the description

   3. Chose the Server application type

5. Press the Next button

Server application page

1. Copy the Client Identifier. We will use it later during the IdentityProvider resource creation

2. Add the redirect_uri and press the Add button. Redirect uri should look like this https://aidbox.example.com/auth/callback/adfs

3. Press the Next button

Configure Application credentials

1. Check the Generate a shared secret checkbox

2. Copy generated secret. We will use it later during the IdentityProvider resource creation

3. Press the Next button

Summary

1. Review the summary

2. Press the Next button

Complete

1. Press the Close button

Create IdentityProvider in Aidbox

To create IdentityProvider in Aidbox use REST Console

POST /IdentityProvider

id: adfs
resourceType: IdentityProvider
title: AD FS on Prem # button label on the Aidbox login page
scopes:
  - profile
  - openid
system: adfs
authorize_endpoint: https://<adfs-domain>/adfs/oauth2/authorize/
token_endpoint: https://<adfs-domain>/adfs/oauth2/token/
userinfo_endpoint: https://<adfs-domain>/adfs/userinfo
userinfo-source: id-token | userinfo-endpoint
client:
  id: <your client id> # client id issued by AD FS
  secret: <your client secret> # shared secred issued by AD FS
active: true

Login to Aidbox

To login to Aidbox with AD FS:

1. Open Aidbox front-page

2. Press the Login with AD FS on Prem

3. Enter your domain credentials in AD FS login page

Then user is redirected back to Aidbox, and Aidbox logs user in.