# Configure SAML authentication settings in OpManager for Microsoft AD FS

Listed below are the steps to configure SAML authentication in OpManager (SP) for Microsoft AD FS (IdP) with Single Sign-On.

1. Open **AD FS management** and click on **Add Relying Party Trust**.

   ![Configure ADFS IdP in OpManager: Click on Add Relying Party Trust](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-1.png)

2. Now, go to OpManager and navigate to **Settings -> General Settings -> Authentication -> SAML**. Download the **Service Provider metadata** and **SP Certificate** files from the links provided and copy the **SP Entity ID** and **ACS URL**.

   ![Configure ADFS IdP in OpManager: Service Provider Metadata and SP Certificate files under SAML](https://www.manageengine.com/network-monitoring/how-to/images/SAML-authentication-1.png)

3. Go back to AD FS, click **Start** and choose **‘Import data about the relying party from a file’**. Upload the **metadata** file. Click on **Next**.

   Note: Please refer to the 7th point under configuring Microsoft AD FS manually for the next steps.

   ![Configure ADFS IdP in OpManager: Upload metadata file in ADFS](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-2.png)

You can also configure Microsoft AD FS manually. To do so:

1. Log in to **AD FS management** and select **Add Relying Party Trust**.

2. Click **Start** and choose **‘Enter data about the relying party manually’**. Click on **Next**.

   ![Configure ADFS IdP in OpManager: Manual ADFS configuration](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-4.png)

3. Go to **Choose Profile** and select **AD FS profile**. Click **Next**.

   ![Configure ADFS IdP in OpManager Choose ADFS profile](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-5.png)

4. Choose the **‘Enable support for SAML 2.0 WebSSO protocol’** option and enter the service provider URL. Click on **Next**.

   ![Configure ADFS IdP in OpManager: Enable support for SAML 2.0 WebSSO protocol](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-7.png)

5. Navigate to **OpManager** and copy the **Entity ID**. Go to **Configure Identifiers** in **Microsoft AD FS** and paste the **Entity ID** in **relying party trust identifier**.

   ![Configure ADFS IdP in OpManager: Entity ID](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-8.png)

6. Choose the **‘I do not want to configure multi-factor authentication settings for this relying party trust at this time’** option. Click **Next**.

   ![Configure ADFS IdP in OpManager: Skip multi-factor authentication settings](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-9.png)

7. Select the **‘Permit all users to access this relying party’** option. Click **Next**.

   ![Configure ADFS IdP in OpManager: Permit all users to access](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-10.png)

8. Click on **Next**.

   ![Configure ADFS IdP in OpManager: Next option](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-11.png)

9. Check the option **‘Open the Edit Claim Rules dialog for this relying party trust when the wizard closes’** and select **Close**.

   ![Configure ADFS IdP in OpManager: Check the Open the Edit Claim Rules dialog for this relying party trust when the wizard closes option](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-12.png)

10. Click on **Add Rule**. In the drop-down list under **Claim rule template**, choose **Transform an Incoming Claim** and click **Next**.

    ![Configure ADFS IdP in OpManager: Claim rule template](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-13.png)

    ![Configure ADFS IdP in OpManager: Transform an incoming claim](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-14.png)

11. Enter an appropriate **Claim rule name**. Choose **Windows account name** as **Incoming claim type**. Select **Name ID** as **Outgoing claim type**. Choose **Transient Identifier** as **Outgoing name ID format**. Select **Pass through all claim values**. Click on **Finish**.

    ![Configure ADFS IdP in OpManager: Enter appropriate claim rule name](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-15.png)

12. Click on **Apply** and then select **OK**.

    ![Configure ADFS IdP in OpManager: Apply and select ok](https://www.manageengine.com/network-monitoring/how-to/images/configure-adfs-idp-16.png)

13. The next step is to download the **Federation Metadata** XML file from **AD FS**. You can download the XML by appending **FederationMetadata/2007-06/FederationMetadata.xml** to the root URL of the **AD FS** server. For example, if the FQDN of the AD FS server is dc.com, then the complete URL would be `https://dc.com/federationmetadata/2007-06/FederationMetadata.xml`

14. In the **OpManager** web console, navigate to **Settings -> General Settings -> Authentication -> SAML**. Here, select the IdP as **ADFS** and choose the **Name ID** as **Transient**. Beside **Configuration by uploading**, choose **Metadata** and upload the Metadata XML file.

    ![Configure ADFS IdP in OpManager: Name ID format under SAML](https://www.manageengine.com/network-monitoring/how-to/images/adfs-transient.png)

Once the configurations are done on both sides, SAML authentication via AD FS will be enabled in OpManager. In OpManager's login portal, choose to **Login with AD FS** and enter the necessary credentials to log in.

[Click here](https://www.manageengine.com/network-monitoring/SAML-authentication.html#idp) to learn more about SAML authentication in OpManager.
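
The Federation Metadata file downloaded in step 13 and uploaded in step 14 is what tells OpManager which IdP signing certificate and endpoints to trust, so it is worth inspecting before upload. The following is an added example, not ManageEngine or Microsoft code: it reads the standard SAML 2.0 metadata elements and reports the entity ID, signing-certificate thumbprint, SSO endpoints, and whether the Transient Name ID format is advertised. The sample XML, its `dc.com` URLs, and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample, trimmed to the elements read below. The certificate body
# is placeholder bytes, not a real X.509 certificate.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="http://dc.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>{base64.b64encode(PLACEHOLDER_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <NameIDFormat>{TRANSIENT}</NameIDFormat>
    <SingleSignOnService Location="https://dc.com/adfs/ls/"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def inspect_idp_metadata(xml_text):
    """Collect what to confirm before uploading the file to the SP."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    thumbprints = []
    for key in idp.findall(f"{{{MD}}}KeyDescriptor"):
        if key.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            for cert in key.iter(f"{{{DS}}}X509Certificate"):
                der = base64.b64decode("".join(cert.text.split()))
                # SHA-1 of the DER bytes is what Windows displays as "Thumbprint"
                thumbprints.append(hashlib.sha1(der).hexdigest().upper())
    endpoints = [(s.get("Binding").rsplit(":", 1)[-1], s.get("Location"))
                 for s in idp.findall(f"{{{MD}}}SingleSignOnService")]
    formats = [f.text.strip() for f in idp.findall(f"{{{MD}}}NameIDFormat")]
    problems = []
    if not thumbprints:
        problems.append("no signing certificate")
    if TRANSIENT not in formats:
        problems.append("transient NameID format not advertised")
    problems += [f"SSO endpoint not HTTPS: {loc}" for _, loc in endpoints
                 if not loc.lower().startswith("https://")]
    return {"entity_id": root.get("entityID"), "signing_thumbprints": thumbprints,
            "sso_endpoints": endpoints, "problems": problems}


if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE_METADATA))
```

Compare the reported thumbprint with the token-signing certificate shown on the AD FS server itself, and upload the file only when they match and `problems` is empty.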