Troubleshooting

Common issues and solutions for Keyless and AD FS integration.

Last updated 7 months ago


I am unable to add the Relying Party Trust to my AD FS

Please confirm that you are able to reach https://<customer>-registration.keyless.technology/metadata/ from your network, where <customer> is the domain given to you by Keyless.

I want to restrict access to Keyless only to a specific group in Active Directory

  1. Select the <customer>-registration.keyless.technology ‘Relying Party Trust’ in AD FS

  2. Click on ‘Edit Access Control Policy’

  3. Select ‘Permit specific group’

Ensure that ‘Active Directory’ is the only option available to users in AD FS for Keyless Account Linking

Open PowerShell as administrator on your AD FS server and enter this command:

Set-AdfsRelyingPartyTrust -TargetName <customer>-registration.keyless.technology -ClaimsProviderName @("Active Directory")

On the AD FS ‘Home Realm Discovery’ screen, the browser on users’ devices may cache the list of login options. Clearing the cookies in the browser solves the problem.
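
The three checks on this page combined into one diagnostic, as an added example that is not part of the Keyless documentation. It assumes the Relying Party Trust is named after the registration hostname (as in the command above), that `customer` is replaced with the domain given to you by Keyless, and that the built-in policy name is the English ‘Permit specific group’.

```powershell
# Added diagnostic example (not Keyless's own script).
# Run in an elevated PowerShell session on the AD FS server.
$Customer    = 'customer'   # placeholder: the domain given to you by Keyless
$RpHost      = "${Customer}-registration.keyless.technology"
$MetadataUrl = "https://${RpHost}/metadata/"

# 1. Relying Party Trust cannot be added: is the metadata URL reachable from here?
try {
    $resp = Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing -TimeoutSec 15
    # Content is a byte array for some content types, a string for others.
    $body = if ($resp.Content -is [byte[]]) {
        [Text.Encoding]::UTF8.GetString($resp.Content)
    } else { $resp.Content }
    $xml = [xml]$body.TrimStart([char]0xFEFF)
    Write-Host "Metadata reachable (HTTP $($resp.StatusCode)), root element: $($xml.DocumentElement.LocalName)"
} catch {
    Write-Warning "Cannot fetch or parse ${MetadataUrl}: $($_.Exception.Message)"
    Write-Warning 'Check DNS, outbound TCP 443, proxy settings and TLS inspection on this server.'
}

# 2 and 3. Inspect the trust: access control policy and allowed claims providers.
$rp = Get-AdfsRelyingPartyTrust -Name $RpHost
if (-not $rp) {
    Write-Warning "No Relying Party Trust named '$RpHost' was found."
    return
}
$rp | Format-List Name, Enabled, AccessControlPolicyName, ClaimsProviderName

# Assumption: English policy name; localized AD FS installs may show another name.
if ($rp.AccessControlPolicyName -ne 'Permit specific group') {
    Write-Warning "Access control policy is '$($rp.AccessControlPolicyName)', not 'Permit specific group'."
}

# An empty ClaimsProviderName means every configured claims provider is offered.
$providers = @($rp.ClaimsProviderName | Where-Object { $_ })
if ($providers.Count -ne 1 -or $providers[0] -ne 'Active Directory') {
    Write-Warning "Home Realm Discovery is not limited to Active Directory. Current value: '$($providers -join ', ')'"
}
```

A policy name of ‘Permit specific group’ only confirms the template; confirm in ‘Edit Access Control Policy’ that the intended Active Directory group is the one selected.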
