(Also read: ADFS Federated users in AWS)

One of the coolest ways to visualize ADFS information is to add an ADFS to Azure AD feed on each ADFS instance in your farm. This records all ADFS activities and events (sign-ins, sign-outs, failed sign-ins, and so on) as well as aggregate metrics (total users, etc.).

The ADFS Activity report will also flag potential rules that will not be successfully migrated.

For SaaS apps

From within the global catalog (marketplace), simply install the SaaS app (e.g. Salesforce, Dropbox, etc.).

The SaaS app thus created will contain four sections:

Section 1 – The Single Sign On Section

Section 2 – User Attributes and Claims Section 

This is where you may have to add your transformations, using the identifiers that the SaaS app requires. For example, a transformation may consist of an extraction (e.g. extract the mail prefix) followed by a join (join the prefix to the domain name).

Section 3 – SAML Sign On Certificate Section 

Section 4 – One Click Setup on the SaaS Single Sign On

This is the most important step after the User Attributes setup. This section configures the SaaS end of the link (e.g. Salesforce’s SSO settings), registering AAD as the IdP for the Salesforce app.

Section 5 – Test the SSO (generate SAML requests and responses)

This is an effective way to test out the SSO piece.
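As an added example (not code from the original post), the Section 2 transformation expressed as a pre-migration check: it mirrors the extract-mail-prefix and join steps over a constructed directory export and flags users for whom the resulting NameID would be empty or would collide with another user's. The SaaS domain, the lower-casing and the sample users are assumptions.

```python
# Added example: mirrors the Section 2 claims transformation (extract the mail
# prefix, then join it to the SaaS domain) and checks a directory export.
from collections import defaultdict
from typing import Optional

def extract_mail_prefix(mail: Optional[str]) -> Optional[str]:
    """Local part of the mail address (text before '@'); None when the
    attribute is missing or malformed, so the user is reported rather than
    silently given an empty NameID."""
    if not mail or "@" not in mail:
        return None
    return mail.split("@", 1)[0].strip() or None

def join(left: str, separator: str, right: str) -> str:
    """Concatenate two claim values with a separator, like the join step."""
    return f"{left}{separator}{right}"

def build_name_id(mail: Optional[str], saas_domain: str) -> Optional[str]:
    """Extraction followed by join. Lower-casing is an assumption made here:
    the SaaS side is expected to match usernames case-insensitively."""
    prefix = extract_mail_prefix(mail)
    return None if prefix is None else join(prefix, "@", saas_domain).lower()

def check_users(users, saas_domain):
    """Return (name_ids, problems): upn -> NameID, plus findings for users
    with no usable mail and NameIDs produced by more than one user."""
    name_ids, problems, owners = {}, [], defaultdict(list)
    for upn, mail in users:
        name_id = build_name_id(mail, saas_domain)
        if name_id is None:
            problems.append(f"{upn}: no usable mail attribute ({mail!r})")
            continue
        name_ids[upn] = name_id
        owners[name_id].append(upn)
    for name_id, upns in owners.items():
        if len(upns) > 1:
            problems.append(f"{name_id}: collision between {', '.join(upns)}")
    return name_ids, problems

# Constructed sample export of (userPrincipalName, mail); not real data.
SAMPLE_USERS = [
    ("alice@corp.example", "alice@corp.example"),
    ("bob@corp.example", "Bob@legacy.example"),
    ("carol@corp.example", None),
    ("bob2@corp.example", "bob@corp.example"),
]

if __name__ == "__main__":
    for finding in check_users(SAMPLE_USERS, "sso.saas.example")[1]:
        print("WARNING:", finding)
```

Run it against a real export of userPrincipalName and mail before cutting over; every finding is a user the SaaS app would either reject at sign-in or map onto someone else's account.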

What about Failed ADFS Logins?

If you are seeing a high percentage of failed logins, examine the underlying ADFS server.

adfs saml errors

Next Steps?

Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Identity Migration? Set up a time with Anuj Varma.