Step-by-Step Procedure: Installing and Configuring ADFS 3.0 to work with Zoho Vault

You don't need to download any extra files to configure AD FS on Windows Server 2012 R2; the role ships with the operating system. The installation is straightforward and takes only a few steps. Follow the steps below in the Add Roles and Features Wizard.

Step 1: Go to Server Manager on the server and select Add Roles and Features under the Manage button. The installation wizard will start with the Before you begin screen. Click the Next button.

Step 2: Next up is the Installation Type page. Select the Role-based or feature-based installation radio button, as shown in the image below, and click the Next button.

Step 3: The Select destination server page is displayed. It lists the Windows Server 2012 machines that were added with the Add servers command in Server Manager. Select the server from the list and click the Next button.

Step 4: Next up is the Select server roles page. Select Active Directory Federation Services and click Next.

Step 5: The next page in the installation process is the Select Features page. Select .NET Framework 4.5 Features and click Next.

Step 6: The next two pages are Active Directory Federation Services (AD FS) and Confirm installation selections. Click the Next button on each and proceed with the installation.

Step 7: Upon confirmation, the installation will begin.

Step 8: After successful installation, click Configure the federation service on this server in the Installation Progress screen.
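The same role installation can be scripted, which is useful when several federation servers have to be built identically and the result verified. The following is an added example, not part of the original guide or of any Zoho or Microsoft script; it installs the features that Steps 4 and 5 select in the wizard and then confirms their install state before you move on to the configuration wizard. Run it in an elevated PowerShell session on the Windows Server 2012 R2 machine that will host AD FS.

```powershell
# Added example (not from the original guide): PowerShell equivalent of the
# Add Roles and Features Wizard steps above, plus a verification check.
# Requires an elevated session on the server that will host AD FS.

# Equivalent of Steps 4-5: the AD FS role plus the .NET Framework 4.5 features
# the wizard selects alongside it.
$result = Install-WindowsFeature -Name ADFS-Federation, NET-Framework-45-Features -IncludeManagementTools

if (-not $result.Success) {
    throw "Role installation failed (exit code: $($result.ExitCode))"
}

# RestartNeeded is 'No', 'Yes' or 'Maybe'; do not configure the farm on a
# server that still needs a reboot.
if ($result.RestartNeeded -ne 'No') {
    Write-Warning "A restart is required before configuring the federation service."
}

# Verification (equivalent of checking the Installation Progress screen in Step 8):
# both features must report InstallState 'Installed'.
$features = Get-WindowsFeature -Name ADFS-Federation, NET-Framework-45-Features
$features | Format-Table Name, InstallState -AutoSize

$missing = $features | Where-Object { $_.InstallState -ne 'Installed' }
if ($missing) {
    throw "Not installed: $($missing.Name -join ', ')"
}
```

After this runs cleanly, continue with the Active Directory Federation Services Configuration section below; the wizard's Configure the federation service on this server link corresponds to the Install-AdfsFarm cmdlet.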

Active Directory Federation Services Configuration:

Step 1: In the AD FS Server configuration wizard, select Create the first federation server in a federation server farm and click the Next button.

Step 2: On the next screen, specify an account with Active Directory domain administrator permissions to perform the federation server configuration.

Step 3: Use makecert.exe and pvk2pfx.exe, which ship with the Windows SDK, to create a self-signed certificate. After installing the Windows SDK, open a Command Prompt and run the following commands, replacing adfs.yourdomain.com with the fully qualified domain name of the AD FS server:

            makecert -r -pe -n "CN=adfs.yourdomain.com" -b 01/01/2013 -e 01/01/2014 -sky exchange Server.cer -sv Server.pvk

            pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx

The -b and -e switches set the certificate's validity period; adjust them so the window covers the date you deploy, since a certificate that has already expired is unusable for the service. A self-signed certificate is adequate for a test farm; for a production farm use a certificate issued by a CA that your clients trust.

Step 4: Back in the configuration wizard, click the Import button, select the Server.pfx file that you created with the commands above and proceed.

Step 5: On the next page, select Use an existing domain user account or group Managed Service Account and click Next.

Step 6: On the database configuration page, select Create a database on this server using Windows Internal Database and proceed.

Step 7: After reviewing the options and the prerequisite checks, you are ready to complete the configuration.
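Before binding the Server.pfx from Step 3 to the farm it is worth checking that the certificate actually matches the federation service name and is valid today, because the dates baked into the makecert command are easy to leave stale. The block below is an added example, not code from the original guide or from Zoho; it performs those checks and then runs Install-AdfsFarm, the PowerShell equivalent of the configuration wizard (first server in a new farm, a group Managed Service Account, and the Windows Internal Database, which is the default when no SQL connection string is given). adfs.yourdomain.com, the gMSA name and the location of Server.pfx are placeholders.

```powershell
# Added example (not from the original guide): validate the self-signed
# certificate from Step 3, import it, and configure the first farm server.
# Placeholders: $fqdn, the gMSA name, and the PFX location.

$pfxPath = Join-Path (Get-Location) 'Server.pfx'   # assumes Server.pfx is in the current directory
$fqdn    = 'adfs.yourdomain.com'                    # placeholder: federation service FQDN

# Get-PfxCertificate prompts for the PFX password; press Enter if pvk2pfx
# was run without -po, as in Step 3.
$cert = Get-PfxCertificate -FilePath $pfxPath

# Check 1: the subject must match the service name the clients will connect to.
if ($cert.Subject -ne "CN=$fqdn") {
    throw "Certificate subject '$($cert.Subject)' does not match CN=$fqdn"
}

# Check 2: the makecert -b/-e window must cover today.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid today (valid $($cert.NotBefore) to $($cert.NotAfter)); re-run makecert with current -b/-e dates"
}

# Check 3: warn on a short RSA key.
$keySize = $cert.PublicKey.Key.KeySize
if ($keySize -lt 2048) {
    Write-Warning "RSA key is $keySize bits; regenerate with 'makecert -len 2048 ...' for a production farm"
}

# Equivalent of Step 4 (Import): put the certificate in the machine store so the
# farm can reference it by thumbprint. Add -Password if pvk2pfx was run with -po.
$imported = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\LocalMachine\My

# Equivalent of Steps 1, 2, 5 and 6: first server of a new farm, run with a
# domain admin credential, using a gMSA and the Windows Internal Database.
Install-AdfsFarm -CertificateThumbprint $imported.Thumbprint `
                 -FederationServiceName $fqdn `
                 -Credential (Get-Credential -Message 'Domain administrator account (Step 2)') `
                 -GroupServiceAccountIdentifier 'YOURDOMAIN\gMSA-ADFS$'   # placeholder gMSA
```

Install-AdfsFarm runs the same prerequisite checks the wizard shows in the last step and returns a result object whose Status and Message properties tell you whether the farm was created.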

How to run the PowerShell script:

The PowerShell script for configuring AD FS 3.0 is available at this link.

  1. Download adfsscript.ps1 and save it in the root of the C:\ drive on the AD FS server.
  2. Open the Start menu, right-click Command Prompt and choose Run as Administrator.
  3. Enter the following commands:
    • powershell
    • Set-ExecutionPolicy RemoteSigned
    • C:\adfsscript.ps1
  4. Make sure the script runs successfully. Any errors encountered while running the script are printed in red in the console.
  5. If domain policy prevents you from setting the execution policy to RemoteSigned, you may need to set the same policy on your Domain Controller.

Note: Refer to this link to learn how to set the execution policy on the domain controller.

After running the PowerShell script, go to Zoho Vault's SAML configuration page and configure the Login URL, Logout URL, Certificate (saved at C:\certificate.cer) and the algorithm. The screenshot above shows the details you need to fill in.
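The values Zoho Vault asks for can be read straight from the configured server rather than typed from memory, which avoids the common mistake of pasting an encryption or service-communications certificate where the token-signing certificate belongs. The following is an added example, not the guide's adfsscript.ps1 and not Zoho's code: it verifies that the /adfs/ls/ passive endpoint that serves SAML 2.0 sign-in and sign-out is enabled, exports the primary token-signing certificate in Base64 (PEM) form to the same C:\certificate.cer path the guide uses, and reports the signature algorithm if a relying party trust for Zoho Vault already exists. The relying party name 'Zoho Vault' is a placeholder.

```powershell
# Added example (not from the original guide): collect the Login URL, Logout URL,
# token-signing certificate and signature algorithm for Zoho Vault's SAML page.
# Run on the AD FS 3.0 server after the farm is configured.

Import-Module ADFS

$hostname = (Get-AdfsProperties).HostName

# Login and Logout URL: AD FS 3.0 serves both SAML 2.0 single sign-on and
# single logout on the /adfs/ls/ passive endpoint. Check it is enabled rather
# than assuming it.
$ls = Get-AdfsEndpoint -AddressPath '/adfs/ls/'
if (-not $ls.Enabled) {
    throw "The /adfs/ls/ endpoint is disabled; enable it before configuring Zoho Vault"
}
$loginUrl  = "https://$hostname/adfs/ls/"
$logoutUrl = "https://$hostname/adfs/ls/"

# Certificate: Zoho Vault verifies the SAML assertion signature, so it needs the
# *primary token-signing* certificate, not the SSL/service-communications one.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
if ($signing.Certificate.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Token-signing certificate expires on $($signing.Certificate.NotAfter); plan to update the copy held by Zoho Vault"
}

# Export as DER, then wrap in Base64 PEM so it can be pasted or uploaded.
$der = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($der, 'InsertLineBreaks') +
       "`r`n-----END CERTIFICATE-----"
$certPath = 'C:\certificate.cer'   # same path the guide's script uses
Set-Content -Path $certPath -Value $pem -Encoding Ascii

# Algorithm: the signature algorithm is set per relying party trust. Report it if
# the Zoho Vault trust already exists (placeholder name).
$rp = Get-AdfsRelyingPartyTrust -Name 'Zoho Vault' -ErrorAction SilentlyContinue
$algorithm = if ($rp) { $rp.SignatureAlgorithm } else { '(relying party trust not created yet)' }

[pscustomobject]@{
    LoginUrl           = $loginUrl
    LogoutUrl          = $logoutUrl
    CertificateFile    = $certPath
    CertThumbprint     = $signing.Certificate.Thumbprint
    SignatureAlgorithm = $algorithm
}
```

AD FS 3.0 rolls its self-generated token-signing certificate over automatically by default (the AutoCertificateRollover property), so the certificate stored in Zoho Vault stops validating assertions when that happens; the expiry warning above is the cue to re-export and update it.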