Skip to main content


This document describes how to configure Single Sign-on when Active Directory Federated System (ADFS) is your identity provider.

In this document, you’ll learn how to integrate Chakra with ADFS. When you integrate Chakra with ADFS, you can:

  • Control in ADFS who has access to Chakra.
  • Enable your users to be automatically signed-in to Chakra with their ADFS accounts.
  • Manage your accounts in one central location - the ADFS portal.


To set-up and use ADFS and Chakra Single Sign-on (SSO) feature:

  • An ADFS Server access.
  • You need to have administrator access to your organization’s ADFS Server.
  • You need to have administrator access on Chakra.

Actions to be done on Chakra

  1. Go to Admin → SSO & Authentication
  2. Add the ADFS provider from “Add Provider”
  3. Go to the ADFS Provider details page and copy the values for “SP ACS URL” and “SP Entity ID”. These values will be used in steps 8 & 9 below - “Actions to be performed on ADFS Server” Chakra Config 1
  4. Add the ADFS Sign-in URL and ADFS Sign-out URL Chakra Config 2
  5. ASFS Public X509 Certificate which you will get in the Step 8 of ADFS Certificate Thumbprint Chakra Config 3

Actions to be done on ADFS Server

Add Relying Party Trust

  1. Open the Server Manager ADFS Server Config 1
  2. Open the ADFS Management console (Tools > ADFS Management) ADFS Server Config 2
  3. Under the Actions pane, click Add Relying Party Trust ADFS Server Config 3
  4. You’ll now see the welcome page of the Add Relying Party Trust Wizard. Click Start. ADFS Server Config 4
  5. Select the “Enter data about relying party manually” radio button, then click Next. ADFS Server Config 5
  6. Enter a “Display Name” of your choice, then click Next ADFS Server Config 6
  7. Leave the certificate settings here as their defaults and just click Next ADFS Server Config 7
  8. Select “Enable support for the SAML 2.0 WebSSO protocol”

    For “Relying party SAML2.0 SO service URL”, paste the value of “SP ACS URL” copied earlier. Click Next. ADFS Server Config 8

  9. For “Relying party trust identifier” paste the value of “SP Entity ID” copied earlier. Then click the “Add” button. ADFS Server Config 9
  10. Once you see the added entry in the list “Relying party trust identifiers:”, click Next ADFS Server Config 10
  11. Keep the default setting (Permit everyone) and click Next. ADFS Server Config 11
  12. The configurations are now complete. Click Next to continue. ADFS Server Config 12
  13. The relying party trust has now been added. Click Close to proceed to the Edit Claim Rules dialog. ADFS Server Config 13
  14. Click the Add Rule button. ADFS Server Config 14
  15. Click Next to create a Send LDAP Attributes as Claims rule. ADFS Server Config 15
  16. Enter a name for the claim rule, select the Attribute store as Active Directory (this is where the LDAP attributes will be extracted from), then map the LDAP attributes to the outgoing claim type as shown below. Click Finish when you’re done. ADFS Server Config 16
  17. Now click OK. ADFS Server Config 17
  18. Now navigate to ADFS Management>Relying Party Trusts, You can see all relying party trusts here. If required, you can edit claims by clicking Edit claim rules. You may also change identifiers by clicking Properties. ADFS Server Config 18
  19. Navigate to ADFS>Service>Endpoints, and ensure that the following endpoint is enabled /adfs/services/trust/13/usernamemixed ADFS Server Config 19

ADFS Certificate Thumbprint

  1. Navigate to ADFS > Service > Certificates. ADFS Certificate Thumbprint 1
  2. Right-click the certificate under Token-signing, then click View Certificate ADFS Certificate Thumbprint 2
  3. From the Certificate dialog, switch to the Details tab and click Copy to File ADFS Certificate Thumbprint 3
  4. From the Certificate Export Wizard that opens, click Next ADFS Certificate Thumbprint 4
  5. Select Base-64 encoded X.509 (.CER) for the format and click Next ADFS Certificate Thumbprint 5
  6. From File name, specify the path to where the exported certificate should save along with its filename and click Next ADFS Certificate Thumbprint 6_1ADFS Certificate Thumbprint 6_2ADFS Certificate Thumbprint 6_3
  7. Review the settings for the exported certificate and click Finish ADFS Certificate Thumbprint 7
  8. Open the exported certificated file and copy the certificate key ADFS Certificate Thumbprint 8_1ADFS Certificate Thumbprint 8_2