Add an AD FS Claims Provider service

If your organization has apps that use Active Directory Federation Services (AD FS) forms-based authentication, you can add an AD FS Claims Provider service so that Enterprise Identity can authenticate the AD FS apps using the forms authentication type. Enterprise Identity supports AD FS 2019 and later.
  • Verify that the AD FS role has been added to the Active Directory server.
  • Verify that UEM is connected to the Active Directory server that has the AD FS role.
  1. In the UEM management console, click Settings > BlackBerry Enterprise Identity > Services.
  2. In the SAML Services table, click the Add icon.
  3. Click ADFS Claims Provider.
  4. If you want to enable ZSO for users, select the Allow Mobile ZSO when specified by authentication policy and Allow Kerberos Desktop ZSO when specified by authentication policy check boxes.
  5. Type a name and description for the service.
  6. In the Service provider entity ID field, enter http://<adfs_host>/adfs/services/trust, where <adfs_host> is the name of the Active Directory server that has the AD FS role.
  7. In the Assertion consumer service POST URL field, enter http://<adfs_host>/adfs/services/ls, where <adfs_host> is the name of the Active Directory server that has the AD FS role.
  8. In the Single logout service URL field, enter http://<adfs_host>/adfs/services/ls, where <adfs_host> is the name of the Active Directory server that has the AD FS role.
  9. Click Save.
Assign the service to users.