Single Sign-On - SAML Setup Guide for ADFS
This guide demonstrates how to configure Active Directory Federation Services (ADFS) as an Identity Provider for Single Sign-On with Teamgage.
Not using ADFS? See Single Sign-On - SAML Setup Guide for more general guidance.
Before You Begin
To simplify setup, please check the following:
- Version: Check your version of ADFS and Windows Server.
These instructions are tailored to ADFS 4.0, which is integrated with Windows Server 2016.
If you are using a different version, please consider that some steps may differ slightly.
- Environment: Determine which Teamgage server you are connecting to: UAT or Production
To ensure a smooth transition, we recommend first configuring SSO on our UAT (User Acceptance Testing) server to ensure compatibility with your environment.
This can also be used to prepare for your organisation's change management process.
- LDAP Attribute: Verify which AD User property is used to store the relevant email address in Active Directory Users and Groups.
Depending on your organisation's Active Directory and/or Exchange configuration, this could be:
- or something else
Federation Metadata URL:
- Name ID: email address, UPN, or object GUID if available
- Email Address: email address
Detailed Configuration Steps
- Open Administrative Tools > AD FS Management Console.
- Right-click on Relying Party Trusts > Add Relying Party Trust
- Create a Claims Aware application
- Import data about the relying party using the respective Federation metadata address
- Enter an appropriate Display Name such as: Teamgage - UAT
- Assign an Access Control Policy of Permit everyone.
Per-user access control is managed within Teamgage based on your HR data, and does not need to be managed through SSO.
- Complete the Wizard and Configure claims issuance policy
Alternatively: Right-click the application and select Edit Claim Issuance Policy.
- Add Rule
- Send LDAP Attributes as Claims
- Configure the Claim Rule
- Select the Attribute Store: Active Directory
- Add the following mappings of LDAP Attributes to Outgoing Claims:
Important: Ensure you select the correct LDAP Attribute for where your email address is stored.
Depending on your environment, this might not be the "E-Mail-Addresses" field.
See Before You Begin: 3. LDAP Attribute (above).
Finish and OK
To proceed with SSO activation, contact Teamgage Support with the following details:
Below are solutions to some common problems. If you have further difficulty, please contact Teamgage Support.
Error when submitting the Federation Metadata URL
Problem: You receive the error "The underlying connection was closed: An unexpected error occurred on a send."
Solution: ADFS uses the .NET Framework, which might need to be configured to use strong TLS encryption on outbound requests.
For more information see Microsoft Support Article: Considerations for disabling and replacing TLS 1.0 in ADFS.
Single Sign-On - SAML Setup Guide
Using SAML authentication to provide a single sign-on experience for your organisation’s users can enhance your users’ experience in using Teamgage. Note that for users who only use Teamgage to submit their results and comments, we do not require ...
Microsoft Integration – SSO and Teams - Azure AD Setup Guide
The Teamgage and Microsoft Teams integration allows your employees to access reports, leave feedback and collaborate without ever leaving Microsoft Teams. With Single Sign-On enabled, the app is seamlessly accessible, without any requirement to ...
Leader Quick Start Guide
Information for a leader or manager to make a strong start in Teamgage Teamgage puts you and your team at the heart of the improvement process. It’s your process to own and shape with the team but we’ve a good idea of what works well. Ensure you ...
Email whitelisting - Technical Guide
There are three steps which should be performed by your organisation's IT team to reliably receive Teamgage reminder/notification emails: IP Whitelisting on the inbound mail gateway Domain/Sender Whitelisting on the spam filtering appliance Safe ...
Can't access your dashboard?
Information on the steps needed to gain access to your Teamgage dashboard Can’t access your dashboard? Follow the link in your welcome email from ‘email@example.com’ Tip: check your junk folder or you "other" (non-focused) inbox if you can’t locate ...