Requesting ADFS for applications

Verify suitability

Applications that require SAML or OIDC authentication should leverage Enterprise Authentication whenever possible. If an application can leverage Enterprise Authentication, please submit an integration request for Enterprise Authentication rather than requesting ADFS configuration.

Submit the required information

Submit the following information to the Active Directory team via the ServiceNow form:

  1. The name of the application

  2. The name of the department or team that manages the application

  3. The official university department code of the department that manages the application

  4. The email address of a distribution list for the technical contacts of the application

  5. The EIDs for the technical contacts of the application

  6. The authentication method used by the application

    • SAML, WS-Fed, or OIDC

  7. The URL(s) of the application

    • SAML: the Assertion Consumer Service (ACS) URL

    • WS-Fed: the endpoint URL

    • OIDC: the redirect URL(s)

    • Service URLs are strongly preferred; URLs to specific hosts should be avoided

  8. The identifier(s) of the application

    • The identifier should match the URL unless one or more specific identifiers are required by the application

  9. The claims and/or scopes requested by the application

    • Any claims that require protected information may require additional approval

  10. Any custom multi-factor authentication (MFA) configuration required by the application

    • The default "Permit everyone and require MFA" policy is applied when a custom configuration is not requested