

Setup Single Sign-On for Active Directory and VisibleThread Docs on-prem


This article provides the specifics for setting up VT Docs inside your Active Directory Federation Services (ADFS). It covers the details needed to complete Step 2, "Setup VT Docs (as a Service Provider) in your Identity Provider", in Getting Started with Single Sign-On (SSO).


If your end-users are using Internet Explorer, we require ADFS forms-based authentication to be enabled. This is because VisibleThread does not support Windows Integrated Authentication (WIA).

Before starting the steps below you must download the VT Docs metadata file:

  • log in to the VT Docs sandboxAdmin app - go to https://<your-on-prem-vt-docs-server>/sandboxAdmin
  • click on Security Settings icon in the sidebar
  • click Single Sign-On with SAML 2.0
  • click Download MetaData
  • the downloaded metadata file is called vt_docs_saml_metadata.xml

Add new Relying Party Trust

In your AD FS Management tool select Add Relying Party Trusts... from the Actions sidebar.

1. Click Start in the configuration wizard to configure a new Relying Party Trust.

2. In Select Data Source, select the option Import data about the relying party from a file, then browse for the file vt_docs_saml_metadata.xml.

3. Enter a Display name.

4. Choose an access control policy.

5. Click Next to proceed (there are no changes required here).

6. To finish adding your relying party trust, click Close.


Edit Claim Issuance Policy

Finally, we have to configure a Claim Rule that will map the LDAP email attribute (for a user) to a SAML claim.

1. In the list of Relying Party Trusts, right-click the trust you created above and select Edit Claim Issuance Policy...

2. Click Add Rule...

3. Select Send LDAP Attributes as Claims.

4. In Configure Rule, provide a Claim rule name (e.g. "Email") and select Active Directory under Attribute store. Then open the LDAP Attribute dropdown and select E-Mail-Addresses. Then click into Outgoing Claim Type, type in the text "Name ID" and hit Finish.

5. Hit OK to complete.
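
The two wizard procedures above (adding the relying party trust, then editing its claim issuance policy) can also be scripted with the AD FS PowerShell module. This is an added example, not VisibleThread's own tooling; it assumes AD FS on Windows Server 2016 or later, and the metadata path, display name and "Permit everyone" access control policy are placeholder choices to replace with your own.

```powershell
# Added example: scripted equivalent of the wizard steps in this article.
# Run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

# Assumed values, not taken from the article: adjust for your environment.
$MetadataFile = 'C:\Temp\vt_docs_saml_metadata.xml'  # file downloaded from sandboxAdmin
$DisplayName  = 'VT Docs'                            # wizard step 3: any display name
$AccessPolicy = 'Permit everyone'                    # wizard step 4: pick your own policy

if (-not (Test-Path -LiteralPath $MetadataFile)) {
    throw "Metadata file not found: $MetadataFile"
}

# Stop rather than collide with a trust that already uses this display name.
if (Get-AdfsRelyingPartyTrust -Name $DisplayName) {
    throw "A relying party trust named '$DisplayName' already exists."
}

# "Add new Relying Party Trust": import the VT Docs metadata file.
Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -MetadataFile $MetadataFile `
    -AccessControlPolicyName $AccessPolicy

# "Edit Claim Issuance Policy": the rule the "Send LDAP Attributes as Claims"
# template generates when E-Mail-Addresses (LDAP attribute "mail") is mapped
# to the outgoing claim type Name ID.
$ClaimRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

Set-AdfsRelyingPartyTrust -TargetName $DisplayName -IssuanceTransformRules $ClaimRules

# Review what was created: identifier from the metadata, policy and claim rule.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Format-List Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules
```

Users whose Active Directory account has no value in the mail attribute receive no Name ID claim from this rule, so check that attribute first when a test login fails.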


Congratulations! You should now be able to resume the final step, "Test and Enable SAML SSO", in Getting Started with Single Sign-On (SSO).
