Tags | Authentication | SSO | ADFS |
Available on Basic, Business plans
Admin privileges required
Step 1: On your ADFS Server, Open up ADFS Management.
Step 2: Right-click on Relying Party Trusts and select Add Relying Party Trust. This will launch the Add Relying Party Trust Wizard.
Step 3: In the Select Data Source step, choose Enter data about the relying party manually.
Step 4: Enter a Display name “Stack Overflow for Teams” and click Next
Step 5: Choose AD FS profile with SAML 2.0 and click Next.
Step 5: Click Next on the Configure Certificate screen without choosing any certificates.
Step 6: Select Enable support for the SAML 2.0 SSO Web SSO protocol.
Step 7: Enter the login URL (for example: https://sso.stackoverflow.com/c/[your_site]/auth/saml2/post) and click Next.
Note: Please make that you always use an HTTPS URL
Step 8: Add a Relying party trust identifier, Eg: https://stackoverflow.com/c/[your_site]
Step 9: Click Next until you reach the Finish screen.
Step 10: Choose to Open the Edit Claim Rules dialog before clicking finish to edit the further configuration. This will launch the Edit Claim Rules window.
Step 11: Click on Add Rule and Choose Claim Rule as Send LDAP Attributes as Claims.
Step 12: Stack Overflow for Teams requires Display Name and Email assertions to be sent.
Step 13: On the AD FS Management window, right-click on the Relying Party for Stack Overflow for Teams and choose properties. Under the Advanced tab, choose SHA-256 as the Secure hash Algorithm.
Step 14: On the AD FS Management Window, choose Services -> Certificates and double click on Token Signing Certificate, which will give you an option "copy to file". By doing this, you will be able to export the X509 certificate from the raw file.
Along with other settings from your ADFS installation, the certificate will need to be entered into the Certificate field on the Auth Settings page in Stack Overflow for Teams.
Please contact support if you cannot get ADFS to work as we might have to update a setting on the backend to accommodate certain versions of ADFS.
In Stack Overflow, complete the remaining required fields and Enable SSO.
Need help? Submit an issue or question through our support portal.