Microsoft ADFS 3.0 and 4.0 integration

Microsoft ADFS 3.0 and 4.0 integration

Last update: 03.04.2024

Configuring authorization in Picvario via Microsoft ADFS requires configuring a number of standard parameters in the Picvario administrative panel, used regardless of your ADFS version. The only difference is the way of obtaining these parameters in different versions of Microsoft ADFS.

Configuring Microsoft ADFS 3.0

Integration occurs through the Relying Party Trust configuration. The setup instructions can be found here:

https://django-auth-adfs.readthedocs.io/en/latest/adfs_3.0_config_guide.html#step-1-configuring-a-relying-party-trust

After completing the configuration, you can get the necessary parameters by running the following commands in PowerShell:

Microsoft ADFS 3.0 and 4.0 integration

Configuring Microsoft ADFS 4.0

Integration occurs through the Application Group configuration. The setup instructions can be found here:

https://django-auth-adfs.readthedocs.io/en/latest/adfs_4.0_config_guide.html#step-3-determine-configuration-settings

After completing the configuration, you can get the necessary parameters by running the following commands in PowerShell:

Microsoft ADFS 3.0 and 4.0 integration

Configuring Picvario

To configure authorization in the administrative panel, you need to create several options:

ADFS_AUTH_ENABLED – the value is True

OPENID_AUTHENABLED – the value is False

ADFS_CLIENT_ID – the value is Relying Party ID

ADFS_SERVER – the value is your ADFS server address

ADFS_AUDIENCE – the value is as follows:

  • ADFS 3.0 – workspace address (e.g.: http://li.picvar.io)
  • ADFS 4.0 — microsoft:identityserver :ADFS_CLIENT_ID

ADFS_RELYING_PARTY_ID – the value is the same as ADFS_CLIENT_ID

  • ADFS 3.0 – workspace address (e.g.: http://li.picvar.io)
  • ADFS 4.0 — microsoft:identityserver :ADFS_CLIENT_ID

ADFS_USERNAME_CLAIM – the value is email

ADFS_GROUPS_CLAIM – the value is groups

Option Example Public 
ADFS_AUTH_ENABLED True True 
OPENID_AUTHENABLED False True 
ADFS_CLIENT_ID 3aaf3b0c-6287-45d6-a128-5a20bf6652cc False 
ADFS_SERVER adfs.domain.com  
ADFS_AUDIENCE microsoft:identityserver:3aaf3b0c-6287-45d6-a128-5a20bf6652cc False 
ADFS_RELYING_PARTY_ID 3aaf3b0c-6287-45d6-a128-5a20bf6652cc False 
ADFS_USERNAME_CLAIM Email True 
ADFS_GROUPS_CLAIM groups True 

In the administrative panel, go to Home > Options > Options, or click the Change link.

Microsoft ADFS 3.0 and 4.0 integration

To create a new option, click the ADD OPTION button.

Microsoft ADFS 3.0 and 4.0 integration

An editing page opens where you can specify the option and its value.

Microsoft ADFS 3.0 and 4.0 integration

Create all the options above in the same way.

If all settings are successfully completed, a button will appear on the account login screen:

Microsoft ADFS 3.0 and 4.0 integration

Click it to log in via Microsoft ADFS.


    • Related Articles

    • AzureAD integration

      Last update: 11.08.2022 Use this function to configure authorization through Microsoft Azure Active Directory. On the AzureAD side On the Azure AD side, please, specify: Callback: https://<yourworkspacename.api.picvario.com>/oauth2/callback For ...

    • Azure AD Integration

      Last update: 03.04.2024 The function allows you to configure authorization via the Microsoft Azure AD directory service. Configuring Azure AD To set up Picvario authorization via Azure AD, you need to create an Enterprise application in Azure AD. ...

    • Active Directory integration

      Last update: 11.08.2022 Use this function to configure authorization through the Microsoft Active Directory service of your organization. Creating the authorization server In the admin panel, find the LDAP_USERS section. Click on the Servers ...

    • Integration with Other Workspaces

      Last update: 10.01.2023 Picvario workspaces can be integrated with each other or with other external content sources via an API. This can be useful if you want to buy content from third-party sources (e.g. stock) or share content within the same ...

    • Integration with Tape Libraries

      Last update: 12.03.2024 A tape library (storage) is a device designed for long-term storage of large amounts of information. Picvario supports integration with the Archiware P5 data management system, which allows integration with tape storage. ...