Learn about the ADFS Integration.

ADFS Integration

ADFS is a popular identity management product that can be integrated with Wavefront to enable single sign-on.

ADFS Setup

After setting up the ADFS integration, users can authenticate to Wavefront through ADFS instead of using a password. New users who did not exist in Wavefront are auto-created on the Wavefront side when they authenticate for the first time.

Step 1. Run the Wizard

To add the ADFS integration to Wavefront, follow these steps:

images/sso_adfs_1.png

images/sso_adfs_2.png

images/sso_adfs_3.png

images/sso_adfs_4.png

images/sso_adfs_5.png

Note: For the next two steps, replace https://customer.wavefront.com with your Wavefront instance URL: https://YOUR_CLUSTER.wavefront.com.

images/sso_adfs_6.png

images/sso_adfs_7.png

images/sso_adfs_8.png

images/sso_adfs_9.png

Step 2. Set up Claim Rules

This task produces a SAML NameID claim in the following format:

urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified

Here is an example of the resulting rule:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");

The rule contains an identifier pulled from Active Directory. Wavefront sends email to this identifier value, so it must be a valid email address.

The screenshots below show how to form this identifier from the first email address stored for the user in Active Directory.

images/sso_adfs_10.png

The first rule sends an email address claim in the SAML response. The second (transform) rule turns that email address claim into the NameID claim that Wavefront needs.

images/sso_adfs_11.png
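As an added verification example (not part of the Wavefront documentation or product), the following Python checks a captured SAML assertion for the NameID the rules above are meant to produce: the expected format URN and a value that is an email address. The assertion text, issuer and address are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Format the claim rule sets on the NameID claim.
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
# Deliberately simple email shape check: one "@" and a dotted domain.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample assertion (hypothetical issuer and user; signature,
# conditions and attribute statements omitted for brevity).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">jane.doe@example.test</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def check_nameid(saml_xml: str) -> List[str]:
    """Return the problems found with the NameID; an empty list means it is usable.

    Accepts either a bare Assertion or a full Response containing one.
    """
    problems = []
    root = ET.fromstring(saml_xml)
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    if nameid is None:
        return ["no NameID in Subject: the transform rule did not issue a nameidentifier claim"]

    fmt = nameid.get("Format")
    if fmt != EXPECTED_FORMAT:
        problems.append(f"NameID Format is {fmt!r}, expected {EXPECTED_FORMAT!r}")

    value = (nameid.text or "").strip()
    if not EMAIL_RE.match(value):
        problems.append(f"NameID value {value!r} is not an email address; Wavefront mails this value")
    return problems


if __name__ == "__main__":
    # Paste a decoded assertion from a SAML trace in place of the sample.
    for problem in check_nameid(SAMPLE_ASSERTION) or ["NameID looks correct"]:
        print(problem)
```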

Step 3. Send the Identity Provider Metadata to Wavefront and Complete the Setup

  1. Download the identity provider metadata file from https://<FQDN of ADFS>/FederationMetadata/2007-06/FederationMetadata.xml.
  2. Log in to your Wavefront instance as a user with SAML IdP Admin permissions.
  3. From the gear icon in the top right corner, select Self Service SAML.
  4. From the Identity Provider drop-down menu, select ADFS.
  5. Paste the downloaded metadata into the Configure Connection text box.
  6. To validate the metadata, click Test. The ADFS login page opens in a new browser window.
  7. Log in to ADFS.
  8. After the login is successful, click the Save button.

    Note: The Save button is disabled until you’ve completed a test successfully.