Single Sign-On - SAML Setup Guide for ADFS
This guide demonstrates how to configure Active Directory Federation Services (ADFS) as an Identity Provider for Single Sign-On with Teamgage.
Before You Begin
To simplify setup, please check the following:
- Version: Check your version of ADFS and Windows Server.
These instructions are tailored to ADFS 4.0, which is integrated with Windows Server 2016.
If you are using a different version, please consider that some steps may differ slightly. - Environment: Determine which Teamgage server you are connecting to: UAT or Production
To ensure a smooth transition, we recommend first configuring SSO on our UAT (User Acceptance Testing) server to ensure compatibility with your environment.
This can also be used to prepare for your organisation's change management process. LDAP Attribute: Verify which AD User property is used to store the relevant email address in Active Directory Users and Groups.
Depending on your organisation's Active Directory and/or Exchange configuration, this could be:
- E-Mail-Addresses

- User-Principal-Name

- or something else
Quick Info
Federation Metadata URL:
Claims Required:
- Name ID: email address, UPN, or object GUID if available
- Email Address: email address
Detailed Configuration Steps
- Open Administrative Tools > AD FS Management Console.

- Right-click on Relying Party Trusts > Add Relying Party Trust

- Create a Claims Aware application

Import data about the relying party using the respective Federation metadata address
- Enter an appropriate Display Name such as: Teamgage - UAT
- Assign an Access Control Policy of Permit everyone.
Per-user access control is managed within Teamgage based on your HR data, and does not need to be managed through SSO.

- Complete the Wizard and Configure claims issuance policy
Alternatively: Right-click the application and select Edit Claim Issuance Policy.

- Add Rule

- Send LDAP Attributes as Claims

Configure the Claim Rule
- Select the Attribute Store: Active Directory
Add the following mappings of LDAP Attributes to Outgoing Claims:
Important: Ensure you select the correct LDAP Attribute for where your email address is stored.
Depending on your environment, this might not be the "E-Mail-Addresses" field.
See Before You Begin: 3. LDAP Attribute (above).
Finish and OK

To proceed with SSO activation, contact Teamgage Support with the following details:
Troubleshooting
Below are solutions to some common problems. If you have further difficulty, let out team know - support@teamgage.com
- Problem: You receive the error "The underlying connection was closed: An unexpected error occurred on a send."
- Solution: ADFS uses the .NET Framework, which might need to be configured to use strong TLS encryption on outbound requests.
For more information see Microsoft Support Article: Considerations for disabling and replacing TLS 1.0 in ADFS.
Related Articles
Single Sign-On - SAML Setup Guide
Using SAML authentication to provide a single sign-on experience for your organisation’s users can enhance your users’ experience in using Teamgage. Note that for users who only use Teamgage to submit their results and comments, we do not require ...
Single Sign-On (SSO) Options
Single Sign-On simplifies your organisation's experience when using Teamgage. Teamgage support multiple SSO options, depending on what best suits your organisation's IT environment. Azure AD This is the simplest method for organisations with Azure ...
Azure AD Single Sign-On (SSO) Setup Guide
The Azure Active Directory (Azure AD) integration for Teamgage allows your employees to log in seamlessly using Single Sign-On (SSO). With SSO, users can access Teamgage with one click, using their existing work credentials. You can choose to enable: ...
Azure AD Setup Guide (Single Sign-On & Microsoft Teams Integration)
The Azure Active Directory (Azure AD) integration with Microsoft Teams for Teamgage allows seamless access and engagement. With Single Sign-On (SSO), employees can log in with one click using their existing work credentials. Once connected, they can ...
Single-Sign-On (SSO) Login Issue - Access Denied
Sometimes you may encounter an issue logging into Teamgage when you're using Single Sign-On (SSO) - learn more about using SSO with Teamgage. A few things to check Firstly, ensure the your organisation has setup SSO with Teamgage *Check with your ...