Single Sign-On - SAML Setup Guide for ADFS

This guide demonstrates how to configure Active Directory Federation Services (ADFS) as an Identity Provider for Single Sign-On with Teamgage.

Not using ADFS? Teamgage also supports other SSO options.

Before You Begin

To simplify setup, please check the following:

  1. Version: Check your version of ADFS and Windows Server.
    These instructions are tailored to ADFS 4.0, which is integrated with Windows Server 2016.
    If you are using a different version, note that some steps may differ slightly.
  2. Environment: Determine which Teamgage server you are connecting to: UAT or Production
    To ensure a smooth transition, we recommend first configuring SSO on our UAT (User Acceptance Testing) server to ensure compatibility with your environment.
    This can also be used to prepare for your organisation's change management process.
  3. LDAP Attribute: Verify which AD User property is used to store the relevant email address in Active Directory Users and Groups.
    Depending on your organisation's Active Directory and/or Exchange configuration, this could be:
    • E-Mail-Addresses
    • User-Principal-Name
    • or something else


Quick Info

Federation Metadata URL:

Claims Required:

  • Name ID: email address, UPN, or object GUID if available
  • Email Address: email address

Detailed Configuration Steps

  1. Open Administrative Tools > AD FS Management Console.
  2. Right-click on Relying Party Trusts > Add Relying Party Trust
  3. Create a Claims Aware application
  4. Import data about the relying party using the respective Federation metadata address

  5. Enter an appropriate Display Name such as: Teamgage - UAT
  6. Assign an Access Control Policy of Permit everyone.
    Per-user access control is managed within Teamgage based on your HR data, and does not need to be managed through SSO.
  7. Complete the Wizard and Configure claims issuance policy
    Alternatively: Right-click the application and select Edit Claim Issuance Policy.
  8. Add Rule
  9. Send LDAP Attributes as Claims
  10. Configure the Claim Rule

    1. Select the Attribute Store: Active Directory
    2. Add the following mappings of LDAP Attributes to Outgoing Claims:
      • E-Mail-Addresses (or correct attribute) -> Name ID

      • E-Mail-Addresses (or correct attribute) -> E-Mail Address

    3. Important: Ensure you select the correct LDAP Attribute for where your email address is stored.
      Depending on your environment, this might not be the "E-Mail-Addresses" field.
      See Before You Begin: 3. LDAP Attribute (above).

  11. Finish and OK

  12. To proceed with SSO activation, contact Teamgage Support with the following details:
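
Steps 2 to 11 above can also be scripted and then verified. The following PowerShell is an added example, not part of the original guide or Teamgage's own tooling; the metadata URL is a placeholder, and the LDAP name `mail` assumes your email address is stored in E-Mail-Addresses.

```powershell
# Added example: scripted equivalent of wizard steps 2-11. Run in an elevated
# PowerShell session on the primary AD FS server (ADFS 4.0 / Windows Server 2016).
Import-Module ADFS

# Assumptions - replace before running:
$MetadataUrl   = '<FEDERATION-METADATA-URL>'  # placeholder: the URL for your Teamgage environment
$DisplayName   = 'Teamgage - UAT'             # step 5
$LdapAttribute = 'mail'                       # LDAP name of E-Mail-Addresses; 'userPrincipalName' for User-Principal-Name
if ($MetadataUrl -like '<*') { throw 'Set $MetadataUrl to the Federation Metadata URL first.' }

# Steps 8-10: one "Send LDAP Attributes as Claims" rule that maps the same
# attribute to both Name ID and E-Mail Address.
$NameId = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$Email  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$Rules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Teamgage - email as Name ID and E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$NameId", "$Email"), query = ";$LdapAttribute,$LdapAttribute;{0}", param = c.Value);
"@

# Steps 2-7: claims-aware trust from federation metadata, "Permit everyone" policy.
if (-not (Get-AdfsRelyingPartyTrust -Name $DisplayName)) {
    Add-AdfsRelyingPartyTrust -Name $DisplayName -MetadataUrl $MetadataUrl `
        -AccessControlPolicyName 'Permit everyone' -IssuanceTransformRules $Rules
} else {
    Set-AdfsRelyingPartyTrust -TargetName $DisplayName -IssuanceTransformRules $Rules
}

# Read the trust back and confirm which claims will actually be issued.
$rp = Get-AdfsRelyingPartyTrust -Name $DisplayName
$rp | Format-List Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules
foreach ($type in $NameId, $Email) {
    if ($rp.IssuanceTransformRules -notlike "*$type*") {
        Write-Warning "Claim type not issued: $type"
    }
}
```

The read-back at the end is the part worth keeping even if you use the wizard: it shows the exact identifier, access policy and claim rule that the trust ended up with.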


Troubleshooting

Below are solutions to some common problems. If you have further difficulty, let our team know - support@teamgage.com

Error when submitting the Federation Metadata URL

  1. Problem: You receive the error "The underlying connection was closed: An unexpected error occurred on a send."
  2. Solution: ADFS uses the .NET Framework, which might need to be configured to use strong TLS encryption on outbound requests.

For more information see Microsoft Support Article: Considerations for disabling and replacing TLS 1.0 in ADFS.

