SAML 2.0 SSO integration for MS ADFS

Created by Julien Pauthier, Modified on Thu, 27 Jul, 2023 at 5:30 PM by Julien Pauthier

SAML 2.0 integration for Microsoft ADFS

This documentation provides the information Agendize requires to enable single sign-on for your users into the Agendize backoffice, based on the SAML 2.0 protocol, using their credentials in Microsoft Active Directory Federation Services (ADFS).

Contact us if you are interested in setting up SAML on Agendize for your business.

Note: your users' logins should always be email addresses.


Here are the basic steps involved in the authorization workflow:

  1. The user tries to access the Agendize backoffice
  2. His/her web browser receives a redirect to your authentication server (ADFS)
  3. The user provides his/her credentials to log into your server
  4. Your server generates a SAML authentication response for the user login (including group memberships and related roles in Agendize backoffice)
  5. His/her web browser transfers the response back to Agendize
  6. Agendize backoffice sets the user in the proper context, matching his/her role and privileges

Requirements for SSO integration

1. Collect IDP (ID Provider) data on Microsoft ADFS


The following information should be provided for setup:

Convert Token-Signing certificate to PEM

The SSO certificate has to be converted to PEM format:

openssl x509 -inform DER -in certificate.cer -out certificate.pem -text

2. Configure SAML authentication on your Active Directory server

The following metadata file is provided beforehand to configure the SSO service on your side. It should be declared on your Microsoft ADFS server:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" cacheDuration="PT604800S" entityID="saml:agendize" ID="SP_a1107b59-5553-4028-82f3-b1c57356de4c">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=";provider=SAMLYOURCOMPANY"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=";provider=SAMLYOURCOMPANY" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
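Before declaring the metadata on ADFS, it helps to read out what it commits the relying party trust to. The script below is an added example, not Agendize's or Microsoft's code: it parses service-provider metadata shaped like the file above and lists the entity ID, endpoints and signing flags, plus points to confirm. The `sp.example.invalid` Location URLs and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample shaped like the page's metadata. The Location URLs are
# placeholders on a made-up host; the page does not show the real ones.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="saml:agendize">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.invalid/slo?provider=SAMLYOURCOMPANY"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/acs?provider=SAMLYOURCOMPANY" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(xml_text):
    """Return what the relying party trust should show after import."""
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        raise ValueError("not SAML 2.0 service-provider metadata")
    # Both flags are optional xs:boolean attributes that default to false.
    flag = lambda name: sp.get(name, "false").strip().lower() in ("true", "1")
    endpoints = [(el.tag.rpartition("}")[2], el.get("Binding"), el.get("Location"))
                 for el in sp if el.get("Location") is not None]
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "authn_requests_signed": flag("AuthnRequestsSigned"),
            "want_assertions_signed": flag("WantAssertionsSigned")}

def review(summary):
    """List points to confirm before relying on the imported metadata."""
    notes = []
    for kind, binding, location in summary["endpoints"]:
        url = urlsplit(location)
        if url.scheme != "https" or not url.hostname:
            notes.append(f"{kind}: Location is not an absolute https URL: {location!r}")
        if kind == "AssertionConsumerService" and binding != POST:
            notes.append(f"{kind}: binding is {binding}, expected HTTP-POST")
    if not any(kind == "AssertionConsumerService" for kind, _, _ in summary["endpoints"]):
        notes.append("no AssertionConsumerService endpoint declared")
    if not summary["authn_requests_signed"]:
        notes.append("AuthnRequests are unsigned, so ADFS has no request signature to verify")
    return notes

if __name__ == "__main__":
    summary = summarize_sp_metadata(SAMPLE)
    print(summary["entity_id"], *summary["endpoints"], *review(summary), sep="\n")
```

Run against the metadata file you actually receive, the endpoint check catches a Location that is relative or truncated, as the values rendered on this page are.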



Note: A callback URL will be assigned to your company to receive SAML responses back from your server. The callback URL has the following pattern: 

3. Match ADFS data schema with SAML 2.0 user properties and groups

User information

Here are the names of the user properties expected in your SAML responses:

Matching your data schema with these property names should be configured on your ADFS server (see

Assign your users to specific groups depending on their role in Agendize backoffice

Here are the group IDs that can be assigned to your users, depending on the privileges they need on the Agendize platform:

ID group
Account administrator
Account statistics manager
Account billing manager
Account buttons manager
Scheduling administrator
Scheduling viewer
Scheduling manager
Calls manager
CRM manager
Email marketing manager
Forms manager
Queue manager
