# SAML Authentication - How To's

## How to configure SAML authentication settings in Central Server for AD FS?

## Description

This document walks you through the steps required to configure SAML Authentication settings in Central Server for AD FS.

## Installation Steps

- Open **AD FS management**. Click on **Add Relying Party Trust**.

  [![AD FS Add Relying Party Trust](https://www.manageengine.com/products/desktop-central/help/images/adfs-1.png)](https://www.manageengine.com/products/desktop-central/help/images/adfs-1.png)

- Click on **Start**.

  [![Add Relying Party Trust start button](https://www.manageengine.com/products/desktop-central/help/images/adfs-2.png)](https://www.manageengine.com/products/desktop-central/help/images/adfs-2.png)

- Choose **Enter data about the relying party manually**. Click on **Next**.

  ![Enter data about the relying party manually Next button](https://www.manageengine.com/products/desktop-central/help/images/adfs-3.png)

- Enter an appropriate **Display name**.

  ![Enter an appropriate Display name page](https://www.manageengine.com/products/desktop-central/help/images/adfs-4.png)

- Click on **Next**.

  ![configure certificate next button](https://www.manageengine.com/products/desktop-central/help/images/adfs-5.png)

- In **Central Server**, navigate to the **Admin** tab and select **SAML Authentication**. Beside **Configuration by downloading**, choose **Certificate**. Copy the **Assertion Consumer URL**.

  [![Central Server SAML page](https://www.manageengine.com/products/desktop-central/images/adfs-8-ac-url-copy.png)](https://www.manageengine.com/products/desktop-central/images/adfs-8-ac-url-copy.png)

- Back in **AD FS management**, choose **Enable support for the SAML 2.0 WebSSO protocol**. Paste the **Assertion Consumer URL** here. Click on **Next**.

  ![add assertion url page](https://www.manageengine.com/products/desktop-central/help/images/adfs-7.png)

- Again in **Central Server**, navigate to the **Admin** tab and select **SAML Authentication**. Beside **Configuration by downloading**, choose **Certificate**. Copy the **Entity ID**.

  [![copy entity id from central server](https://www.manageengine.com/products/desktop-central/images/adfs-10-entity-id-copy.png)](https://www.manageengine.com/products/desktop-central/images/adfs-10-entity-id-copy.png)

- In **AD FS management**, paste the **Entity ID** in the **Relying party trust identifier**. Click on **Add**.

  ![paste entity id in adfs page](https://www.manageengine.com/products/desktop-central/help/images/adfs-9.png)

- Click on **Next**.

  ![click on next after paste entity id](https://www.manageengine.com/products/desktop-central/help/images/adfs-10.png)

- Choose **Permit everyone**. Click on **Next**.

  ![permit everyone and next page](https://www.manageengine.com/products/desktop-central/help/images/adfs-11.png)

- Click on **Next**.

  ![ready to add trust click on next](https://www.manageengine.com/products/desktop-central/help/images/adfs-12.png)

- Click on **Close**.

  ![after finish close button](https://www.manageengine.com/products/desktop-central/help/images/adfs-13.png)

- Select the added **Relying Party Trust (1)** (Endpoint_Central_SAML) and click on **Edit Claim Issuance Policy (2)**.

  ![edit claim issuance policy](https://www.manageengine.com/products/desktop-central/help/images/adfs-14.png)

- Click on **Add Rule**.

  ![click on add rule](https://www.manageengine.com/products/desktop-central/help/images/adfs-15.png)

- In the drop-down list under **Claim rule template**, choose **Transform an Incoming Claim**. Click on **Next**.

  ![next choose transform an incoming claim](https://www.manageengine.com/products/desktop-central/help/images/adfs-16.png)

- Enter an appropriate **Claim rule name**. Choose **Windows account name** as **Incoming claim type**. Select **Name ID** as **Outgoing claim type**. Choose **Transient Identifier** as **Outgoing name ID format**. Select **Pass through all claim values**. Click on **Finish**.

  ![claim rule, select name ID, other and finish](https://www.manageengine.com/products/desktop-central/help/images/adfs-17.png)

- Click on **Apply** and then click **OK**.

  ![select apply click ok](https://www.manageengine.com/products/desktop-central/help/images/adfs-18.png)

- The next step is to download the **Federation Metadata** XML file from ADFS. The XML can be downloaded by appending `FederationMetadata/2007-06/FederationMetadata.xml` to the root URL of the **ADFS** server. For example, if the FQDN of the ADFS server is `ec.com`, then the complete URL would be: `https://ec.com/federationmetadata/2007-06/FederationMetadata.xml`

- In the **Central Server** console, navigate to **Admin** → **SAML Authentication**. Select the IdP as **ADFS** and choose the **Name ID** as **Username**. Beside **Configuration by uploading**, choose **Metadata** and upload the Metadata XML file. Click on **Save**.

  [![Central Server Identity Provider details](https://www.manageengine.com/products/desktop-central/images/adfs-desktop-central.png)](https://www.manageengine.com/products/desktop-central/images/adfs-desktop-central.png)

- Open the Central Server console. Click on **Login with ADFS**. Enter the credentials.

  [![Central Server Login page](https://www.manageengine.com/products/desktop-central/images/adfs-desktop-central1.png)](https://www.manageengine.com/products/desktop-central/images/adfs-desktop-central1.png)

  ![ADFS login page](https://www.manageengine.com/products/desktop-central/help/images/adfs-20.png)