To set up SAML authentication in ADFS (This guide instructs the steps after ADFS installed).

1. Go to ADMINISTRATION -> USERS and download Service Provider Metadata.

**This file is required to set up Relying Party Trusts in ADFS.

2. Open AD FS Manager and select Add Relying Party Trust.

3. Select Claims aware and select Start.

4. Select Import data about the relying party from a file and select the SP Metadata from Step 1. Select Next.

5. Enter the Display name and select Next.

6. Choose Permit Everyone and select Next.
7. Select Next.

8. Select Close.
9. Select Properties.

10. Go to the Advanced tab and enable SHA-1. Select OK.

11. Select Edit Claim Issuance Policy and Add Rule.

12. Select Next.
13. Enter the Claim rule name, select Attribute store: Active Directory and add mapping of LDAP attributes for Group and Name ID. Select Finish.

14. Select OK.
15. Download FederationMetadata.xml (https://<your server FQDN or IP>/FederationMetadata/2007-06/FederationMetadata.xml).

**This file is required to set up SAML setup in FortiEDR Central Manager.

To set up SAML authentication in FortiEDR Central Manager.

1. Go to ADMINISTRATION > USERS and fill in following fields. Select Save.

SAML Enabled: Check the checkbox.
IDP Description: Fill in the comments.
IDP Metadata: Upload the Metadata file from ADFS (Step. 15).
Attribute Name: http://schemas.xmlsoap.org/claims/Group
Role/Group mapping: Enter LDAP group name for target users.

2. Copy SSO URL.

3. Access the SSO URL and redirect to the ADFS Sign page. Sign in with username and password.

4. Successfully logged in as an ADFS SAML user.