Setting up authentication with ADFS


Last updated 2 years ago


The following guide will assist you in configuring your application to use Active Directory Federation Services (ADFS) for authentication.

Part 1: Configure a new relying party trust in ADFS

  1. Open the ADFS console, expand Trust Relationships, right-click Relying Party Trusts and select Add relying-party trust

  2. Click Next and select Enter data about the relying party manually

  3. Specify Lithnet Access Manager as the display name

  4. Select AD FS profile

  5. Skip the encryption certificate step

  6. Check the box to Enable support for the WS-Federation Passive protocol. Specify the base URL where your Lithnet Access Manager is hosted (e.g. https://accessmanager.lithnet.local/)

  7. Skip the page prompting you to add additional relying party trust identifiers

  8. Optionally, configure multi-factor authentication for the trust, and follow the remaining pages through to completion

  9. Edit the claim rules for the application. Add a new issuance transform rule to Send LDAP attributes as claims

  10. Set 'Issue UPN' as the claim rule name. Select Active Directory as the attribute store, User-Principal-Name as the LDAP Attribute and UPN as the outgoing claim type

Part 2: Configure Lithnet Access Manager

  1. In the metadata field, provide the metadata URL for your ADFS server (usually something like https://adfs.lithnet.local/FederationMetadata/2007-06/FederationMetadata.xml)

  2. Enter the base URL of your application in the Realm field.
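
The following check is an added example, not part of the Lithnet documentation. Run on the ADFS server, it reads back the trust created in Part 1 and flags settings that differ from the steps above, in particular a Realm value that does not match a relying party identifier. It assumes the AD FS PowerShell module is available and uses the sample display name and URL from this guide; `Test-AccessManagerTrust` is a hypothetical helper name.

```powershell
# Added example: run in an elevated PowerShell session on the ADFS server.
# Sample values taken from this guide; change them to match your deployment.
$TrustName = 'Lithnet Access Manager'
$BaseUrl   = 'https://accessmanager.lithnet.local/'   # also the Realm entered in Part 2

function Test-AccessManagerTrust {
    param(
        [Parameter(Mandatory)] $Trust,
        [Parameter(Mandatory)] [string] $BaseUrl
    )
    # Claim type URI that ADFS uses for the "UPN" outgoing claim.
    $upnClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
    $problems = @()

    if (-not $Trust.Enabled) {
        $problems += 'The relying party trust is disabled.'
    }
    if (-not $BaseUrl.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
        $problems += "Base URL '$BaseUrl' is not an https:// URL."
    }
    # The Realm sent by Access Manager must be one of the trust's identifiers.
    if ($Trust.Identifier -notcontains $BaseUrl) {
        $problems += "Realm '$BaseUrl' is not an identifier of the trust (found: $($Trust.Identifier -join ', '))."
    }
    # Step 6: WS-Federation Passive endpoint should be the application base URL.
    if ("$($Trust.WSFedEndpoint)" -ne $BaseUrl) {
        $problems += "WS-Federation endpoint is '$($Trust.WSFedEndpoint)', expected '$BaseUrl'."
    }
    # Steps 9-10: an issuance transform rule must issue the UPN claim.
    if ($Trust.IssuanceTransformRules -notlike "*$upnClaim*") {
        $problems += 'No issuance transform rule issues the UPN claim.'
    }
    return $problems
}

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) {
    throw "No relying party trust named '$TrustName' was found."
}

$problems = Test-AccessManagerTrust -Trust $trust -BaseUrl $BaseUrl
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Trust '$TrustName' matches the configuration described in this guide."
}
```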