Connect ADFS with SeamlessDocs Auth0

Learn how to connect your Active Directory with SeamlessAuth.

Published on December 22, 2016


Feature Friday

Connect ADFS with Auth0

SeamlessDocs leverages Auth0 for authentication. The details required to sync with your Active Directory are listed below.

Provide this information to your ADFS administrator:

  • Realm Identifier: urn:auth0:YOUR_TENANT
  • Endpoint: https://YOUR_AUTH0_DOMAIN/login/callback

Note: If you want to use the /oauth/ro endpoint, you must enable the /adfs/services/trust/13/usernamemixed endpoint on ADFS.

Note: The Federation Metadata file contains information about the ADFS server's certificates. If the Federation Metadata endpoint (/FederationMetadata/2007-06/FederationMetadata.xml) is enabled in ADFS, Auth0 can periodically (once a day) look for changes in the configuration, like a new signing certificate added to prepare for a rollover. Because of this, enabling the Federation Metadata endpoint is preferred to providing a standalone metadata file. If you provide a standalone metadata file, we will notify you via email when the certificates are close to their expiration date.

Scripted setup

For automated integration, this script uses the ADFS PowerShell SnapIn to create and configure a Relying Party that will issue, for the authenticated user, the following claims: email, upn, given name and surname.

(new-object Net.WebClient -property @{Encoding = [Text.Encoding]::UTF8}).DownloadString("https://raw.github.com/auth0/adfs-auth0/master/adfs.ps1") | iex
AddRelyingParty "urn:auth0:YOUR_TENANT" "https://YOUR_AUTH0_DOMAIN/login/callback"

Copy and paste the script above into the Windows PowerShell window.

Note: You must run this script as an administrator of your system.

The script performs the following steps:

# Realm identifier and WS-Federation endpoint that Auth0 expects.
$realm = "urn:auth0:YOUR_TENANT";
$webAppEndpoint = "https://YOUR_AUTH0_DOMAIN/login/callback";

# Load the ADFS 2.0 cmdlets.
Add-PSSnapin Microsoft.Adfs.Powershell

# Create the Relying Party Trust and read it back.
Add-ADFSRelyingPartyTrust -Name $realm -Identifier $realm -WSFedEndpoint $webAppEndpoint
$rp = Get-ADFSRelyingPartyTrust -Name $realm

# Issuance transform rule: look up the user in Active Directory by Windows account name
# and issue the mail, displayName, userPrincipalName, givenName and sn attributes as claims.
$rules = @'
@RuleName = "Store: ActiveDirectory -> Mail (ldap attribute: mail), Name (ldap attribute: displayName), Name ID (ldap attribute: userPrincipalName), GivenName (ldap attribute: givenName), Surname (ldap attribute: sn)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory",
    types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
    query = ";mail,displayName,userPrincipalName,givenName,sn;{0}", param = c.Value);
'@

Set-ADFSRelyingPartyTrust -TargetName $realm -IssuanceTransformRules $rules

# Issuance authorization rule: permit all authenticated users.
$rSet = New-ADFSClaimRuleSet -ClaimRule '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
Set-ADFSRelyingPartyTrust -TargetName $realm -IssuanceAuthorizationRules $rSet.ClaimRulesString
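Once the Relying Party exists (created by the script above or by the manual steps below), it is worth reading it back and checking what Auth0 will actually receive. The following verification script is added here and is not part of the original post or of the auth0/adfs-auth0 repository; it assumes the ADFS cmdlets are already loaded, that $realm and $webAppEndpoint hold the same placeholders used during setup, and that a 60-day warning before token-signing certificate expiry is an acceptable threshold.

```powershell
# Added verification script (not from the original post or the auth0/adfs-auth0 repo).
# Assumes the ADFS cmdlets are loaded: Add-PSSnapin Microsoft.Adfs.Powershell (ADFS 2.0)
# or Import-Module ADFS (Windows Server 2012 R2 and later).
$realm          = "urn:auth0:YOUR_TENANT"
$webAppEndpoint = "https://YOUR_AUTH0_DOMAIN/login/callback"
$warnDays       = 60   # assumed threshold for the certificate-expiry warning

# Claim types the issuance transform rule must emit for Auth0 to build the profile.
$expectedClaims = @(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
)

$problems = @()
$rp = Get-ADFSRelyingPartyTrust -Name $realm
if (-not $rp) { throw "Relying Party Trust '$realm' not found" }

# 1. Identifier and WS-Federation endpoint must match what Auth0 was given exactly;
#    a mismatch produces a signed token that Auth0 rejects.
if ($rp.Identifier -notcontains $realm) { $problems += "Identifier list does not contain $realm" }
if ("$($rp.WSFedEndpoint)".TrimEnd('/') -ne $webAppEndpoint.TrimEnd('/')) {
    $problems += "WSFedEndpoint is '$($rp.WSFedEndpoint)', expected '$webAppEndpoint'"
}

# 2. The transform rules must issue every claim Auth0 maps into the user profile.
foreach ($claim in $expectedClaims) {
    if ($rp.IssuanceTransformRules -notmatch [regex]::Escape($claim)) {
        $problems += "Issuance transform rules do not issue $claim"
    }
}

# 3. Without an issuance authorization rule ADFS denies every user a token.
if ([string]::IsNullOrWhiteSpace($rp.IssuanceAuthorizationRules)) {
    $problems += "No issuance authorization rule is set; all users will be denied"
}

# 4. Certificate rollover: Auth0 only picks up a new signing certificate automatically when
#    the Federation Metadata endpoint is enabled, so warn well before the current one expires.
$signing  = Get-ADFSCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$daysLeft = ($signing.Certificate.NotAfter - (Get-Date)).Days
if ($daysLeft -lt $warnDays) {
    $problems += "Primary token-signing certificate $($signing.Thumbprint) expires in $daysLeft days"
}

if ($problems.Count -eq 0) { "OK: '$realm' is configured for Auth0" }
else { $problems | ForEach-Object { "PROBLEM: $_" } }
```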

Manual setup

If you don't feel comfortable executing the script, you can follow these steps:

  1. Open the ADFS Management Console.
  2. Click on Add Relying Party Trust.
  3. Click Start on the first step.
  4. Select Enter data about the relying party manually and click Next.
  5. Enter an arbitrary name (e.g. "YOUR_APP_NAME") and click Next.
  6. Leave the default selection (ADFS 2.0 profile) and click Next.
  7. Leave the default (no encryption certificate) and click Next.
  8. Check Enable support for the WS-Federation..., enter the following value in the textbox and click Next:
     https://YOUR_AUTH0_DOMAIN/login/callback
  9. Add a Relying party trust identifier with the following value, click Add and then Next:
     urn:auth0:YOUR_TENANT
  10. Leave the default option (Permit all users...) and click Next.
  11. Click Next and then Close. The UI will show a new window to edit the Claim Rules.
  12. Click on Add Rule....
  13. Leave the default option (Send LDAP Attributes as Claims).
  14. Give the rule an arbitrary name that describes what it does. For example:
      Map ActiveDirectory attributes (mail -> Mail, displayName -> Name, userPrincipalName -> NameID, givenName -> GivenName, sn -> Surname)
  15. Select the attribute-to-claim mappings listed above and click Finish.
  16. (Optional) Add additional LDAP attributes.

The mappings created in step 15 are the most commonly used, but if you need additional LDAP attributes with information about the user, you can add more claim mappings.

If you already closed the window in the previous step, select Edit Claim Rules on the context menu for the Relying Party Trust you created, and edit the rule from step 14.

Create a row for every additional LDAP attribute you need, choosing the attribute name on the left column and desired claim type on the right column. If the claim type you are looking for doesn't exist, you have two options:

  • Type a namespace-qualified name for the new claim (e.g. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department).
  • Register a new claim type (under AD FS | Services | Claim Descriptions in the ADFS admin console) and use the claim name in the mapping.

Auth0 will use the name part of the claim type (e.g. department in http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department) as the attribute name for the user profile.

Yes, running the script is definitely easier.

Daniel "Dan" Tangerhlini

President SeamlessDocs Federal