On-Premise ADFS Integration

Modified on Thu, 7 Jan, 2021 at 9:47 AM

ZingHR supports ADFS integration for single sign-on for on-premise AD. To complete the integration on your ADFS server, we will need the following information


  1. Metadata URL of your ADFS Server
  2. One of your domain user's credentials to test from our end
  3. Whitelist below URLs on your ADFS server as a Relying Party Trust
    1. For Development environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/Signin
    2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/Signin


Follow the below steps to whitelist URLs as a Relying Party Trust

Note : In below screenshot, kindly replace the name 'dev' with 'clientuat' wherever applicable


  1. Open ADFS Management Console & click on 'Add Relying Party Trust'


  2. In the next screen click on 'Start' button



  3. In the next screen select 'Enter data about relying party manually' option and click Next button


  4. In the next screen enter any display name you want in 'Display name' textbox  and click Next button



  5. In the next screen select 'ADFS profile' option and click Next button



  6. In the next screen click Next button, as we are not using any certificate for integration

    Please follow the below link : (mentioned link is a case sensitive)
    https://portal.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback



  7.  In the next screen select 'Enable support for the WS-Federation Passive protocol' option and in the 'Relying party WS-Federation Passive protocol URL' textbox enter


    'https://portal.zinghr.com/{CompanyCode}/Account/SigninCallback' url  and Click on Next button


    1. For UAT environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback

    2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/SigninCallback



  8. In the next screen in the 'Relying party trust identifier' textbox enter 'https://portal.zinghr.com/{CompanyCode}/Account/Signin' url  and Click on Add button and then click on Next button


    1. For UAT environment:- https://clientuat.zinghr.com/{CompanyCode}Adfs/Account/Signin

    2. For Production environment:- https://portal.zinghr.com/{CompanyCode}Adfs/Account/Signin


  9. In the next screen select 'I do not want to configure multi-factor authentication' option and click on Next button



  10. In the next screen select 'Permit all users to access this relying party trust' option and click on Next button



  11. In the next screen you can validate all the details which you have entered  and click on Next button



  12. In the next screen select 'Open the edit claim rules dialog'  option and click on Close button



  13. Once you click Close button new window will appear for configuring claim rules for the relying party, so in the next screen click on  'Add Rule' button



  14. In the next screen select 'LADP Attributes as Claims'  option from claim rule template and click on Next button



  15. In the next screen in the 'Claim rule name' textbox enter any name you want, then in attribute store dropdown select 'Active Directory' option.
    Now in Mapping of LDAP attribute section
    Select User-Principal-Name in LDAP Attribute column
    Select UPN in the outgoing claim type column
    and click on Finish button



  16. Now you have successfully configured ZingHR as relying party trust in your ADFS server , you should able to see ZingHR in Relying Party Trust lists of your ADFS server



    17. Once done with above configuration at your end then raise a JIRA request under SSO Integration category with following details.
    1. Metadata URL of your ADFS Server
    2. One of your domain user's credentials
    3. List of UPN (User Principal Name) with respective Employee Codes e.g. test@adfs.com

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article