SSO with AD FS Setup

AD FS SSO is only prompted when logging in on new browsers/devices or when logged out from an active Business Account session (the session lasts 30 days on the same browser/device where you are already logged in).

Here's a step-by-step guide on how to set up a single sign-on (SSO) method in the NordPass Admin Panel using Microsoft Active Directory Federation Services (AD FS) as an Identity Provider (IdP).

1. Open the AD FS management console and select Add Application Group… in the Actions panel.
2. Enter the desired Application Group name, choose Server application from the template list, and select Next.
3. Copy and save the self-generated value from the Client Identifier field; you will need to use it later on in the NordPass Admin Panel. In the Redirect URI field, enter the URL for your data center and select Add:
   - If your organization is created in the U.S. data center: https://api.nordbusinessaccount.com/v1/oauth/adfs/callback
   - If your organization is created in the EU data center: https://business-auth.eu.nordpass.com/v1/oauth/adfs/callback
4. Select Next.
5. Select Generate a shared secret. Copy and save that value; you will need to use it later on in the NordPass Admin Panel. Select Next.
6. Select Next on the Summary screen.
7. Select Close on the Finish/Complete screen.
8. Select Application Groups in the AD FS management console, choose the newly created Application Group and select Properties in the Actions panel.
9. Select Add application…
10. Choose Web API from the template list and select Next.
11. Enter https://api.nordbusinessaccount.com in the Identifier field and select Add.
12. Select Next.
13. Choose Permit everyone from the access control policy list and select Next.
14. Ensure OpenID is selected in the Permitted scopes list and select Next.
15. Select Next on the Summary screen.
16. Select Close on the Finish/Complete screen.
17. Select OK.
18. The last step in the AD FS management console is to copy and save the domain URL (Federation Service name); you will need to use it later on in the NordPass Admin Panel. Go to Service and select Edit Federation Service Properties… in the Actions panel. Copy the Federation Service name value from the newly opened window.
19. To be able to validate OAuth and OpenID Connect credentials, you need to allow the NordPass API to make requests to your Federation Service instance. The URL {FEDERATION_SERVICE_DOMAIN_NAME}/adfs/oauth2/authorize/ should be accessible. Port 443 should be open, and the TCP protocol should be allowed. If you need the IP address to open access, please contact our support team and we will provide it.
20. Open the NordPass Admin Panel at https://panel.nordpass.com and go to the Settings tab.
21. Select Single Sign-On (SSO) and Authentication.
22. Select Microsoft Active Directory Federation Services (AD FS).
23. Add and verify your company's domain by selecting Add Domain.
24. Enter your company's domain name and select Continue. Copy the generated DNS TXT entry and add it to your domain's DNS TXT configuration. Once added, return to the AD FS setup and select Verify. Please note that it can take up to 72 hours to verify the domain.
25. Enter the Client Identifier (ID), Client Secret and the AD FS Domain URL that you copied and saved from the previous steps in the AD FS management console and select Test Connection.
26. Once the connection is established, you can select Turn On.
27. In the confirmation window, select Turn On to enable organization members to log in to NordPass via AD FS.

You've now successfully configured single sign-on with your on-premises AD FS as Identity Provider and NordPass as Service Provider.
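
The AD FS side of this procedure (steps 1 to 18) can also be scripted with the AD FS PowerShell module, which makes the configuration repeatable and reviewable. The script below is an added example, not part of the original NordPass guide; the group and application names are assumptions, and it assumes Windows Server 2016 or later.

```powershell
# Added example: scripted equivalent of GUI steps 1-18. Run in an elevated
# PowerShell session on the primary AD FS server.
Import-Module ADFS

# Assumed display name; any value works as long as it is used consistently.
$groupName = 'NordPass SSO'
# The GUI self-generates the Client Identifier (step 3); do the same here.
$clientId  = [guid]::NewGuid().ToString()

# Redirect URI from step 3. Keep exactly one line, matching your data center.
$redirectUri = 'https://business-auth.eu.nordpass.com/v1/oauth/adfs/callback'   # EU
# $redirectUri = 'https://api.nordbusinessaccount.com/v1/oauth/adfs/callback'   # U.S.

# Web API identifier from step 11.
$apiIdentifier = 'https://api.nordbusinessaccount.com'

# Steps 1-2: create the application group.
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName

# Steps 3-5: server application with the redirect URI and a generated secret.
# The secret is only available in this cmdlet's result, so capture it now.
$server = Add-AdfsServerApplication -Name "$groupName - Server application" `
    -ApplicationGroupIdentifier $groupName -Identifier $clientId `
    -RedirectUri $redirectUri -GenerateClientSecret -PassThru

# Steps 9-13: Web API application with the "Permit everyone" policy.
Add-AdfsWebApiApplication -Name "$groupName - Web API" `
    -ApplicationGroupIdentifier $groupName -Identifier $apiIdentifier `
    -AccessControlPolicyName 'Permit everyone'

# Step 14: allow the server application to request only the openid scope.
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $apiIdentifier -ScopeNames 'openid'

# Step 18 plus the values needed in the NordPass Admin Panel (step 25).
[pscustomobject]@{
    ClientIdentifier      = $clientId
    ClientSecret          = $server.ClientSecret
    FederationServiceName = (Get-AdfsProperties).HostName
} | Format-List

# Read back what was granted so the scope can be reviewed.
Get-AdfsApplicationPermission |
    Where-Object { $_.ClientRoleIdentifier -eq $clientId } |
    Format-List ClientRoleIdentifier, ServerRoleIdentifier, ScopeNames
```

Store the printed client secret in a secrets manager rather than in the console transcript or a ticket, since anyone holding it together with the Client Identifier can act as this application toward your AD FS instance.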