Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  1. Fotoware Alto
    • 11.14 Schreckhorn
    • Terminology
    • Solutions
    • User Guide - Deutsch
    • User Guide - English
    • API Changelog
  2. Fotoware Veloz
    • Managing users and groups
    • Configuring archives
    • Configuring workflows
    • Configuring site behavior
    • Navigating and searching to find your assets
    • Working with your assets
    • Editing asset metadata
    • Uploading files
    • Version Control in Fotoware
    • Albums - Creating and sharing collections
    • Placing assets in a CMS
    • Working with the Fotoware Pro interface
    • Using the Fotoware plugins
    • Consent management
    • User guide to FotoWeb for iPad (Legacy)
    • Picture conferencing with FotoWeb Screens (Legacy)
    • What's what in Fotoware
    • GDPR
    • Fotoware Veloz releases
    • Activity Exports
    • Fotoware Example Workflows
  3. Fotostation
    • Getting started with Fotostation
    • Viewing, selecting and sorting files
    • Managing your assets with archives
    • Adding metadata to assets
    • Searching for assets
    • Working with your assets
    • Version Control in Fotostation
    • Automating tasks with Actions
    • Configuring metadata fields and editors
    • Configuring Fotostation
    • Configuring Fotostation for multi-user environments
    • Troubleshooting Fotostation
  4. Fotoware Flow
    • What is Flow?
    • Getting started
    • Flow dictionary
  5. Fotoware On-Premises
    • Getting started
    • Index Manager
    • FotoWeb
    • Color Factory
    • Connect
    • Operations Center Guide
  6. Integrations and APIs
    • The Fotoware API
    • Creating integrations using embeddable widgets
    • Authorizing applications using OAuth
    • Auto-tagging
    • FotoWeb Drag and Drop export
    • Integration using webhooks
    • Optimizely and Episerver plugin documentation
    • User Interface Integrations
  7. Fotoware Mobile
    • User guide for Fotoware Mobile for iPhone and Android
    • User guide to FotoWeb for iPad (Legacy)
    • User guide to FotoWeb for iPhone and Android (Legacy)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Support

Table of Contents

Setting up ADFS Connecting ADFS to FotoWeb Editing claim rules Mapping groups Testing sign-in with ADFS
  • Home
  • Fotoware On-Premises
  • FotoWeb
  • Managing users and groups (On-Premises)
  • Configuring authentication providers and single sign-on in FotoWare (On-Premises)
  • SAML Authentication (On-Premises)

FotoWeb Authentication with Active Directory Federation Services (ADFS)

30. April 2025

Elaine Foley

Table of Contents

Setting up ADFS Connecting ADFS to FotoWeb Editing claim rules Mapping groups Testing sign-in with ADFS

This is the recommended way of connecting FotoWeb to an on-premises Active Directory and allowing users to sign in to FotoWeb with their Active Directory accounts.

Setting up and managing Active Directory and Active Directory Federation Services (ADFS) efficiently and securely can be demanding. This approach is recommended for organizations that already have their own installation of Active Directory and, ideally, ADFS, and intend to keep using it.

Note: Active Directory integration via LDAP in FotoWeb is set to End of Life from January 1st, 2024, and will be removed from our software in a future version. We strongly recommend switching your identity provider as soon as possible.

Fotoware currently supports a variety of other identity providers, such as Microsoft Entra ID (formerly Azure Active Directory), ADFS + SAML, or any other SAML 2.0 compatible provider, such as Okta, OneLogin, and many more.

Contact Fotoware Support or your Fotoware Partner if you need assistance migrating to a new identity provider.

Otherwise, you can use the following alternatives:

Rather than using ADFS + SAML authentication, consider using Microsoft Azure Active Directory B2C to synchronize your on-premises AD to Azure AD, then use the Azure AD integration of FotoWeb. For documentation and pricing, see microsoft.com.

  • Rather than using your own Active Directory, consider using Microsoft Office 365 and the Azure AD integration of FotoWeb for authentication. This fully cloud-based authentication solution requires only minimal setup and management. For documentation and pricing, see microsoft.com.

While both alternatives may incur additional costs for cloud services, they may be more cost-efficient than managing your own services and servers.

Setting up ADFS

If ADFS has already been set up for your domain, you can skip to the next section. Otherwise, learn how to set up ADFS.

Connecting ADFS to FotoWeb

On the ADFS server:

  1. Open the ADFS Management console.
  2. Go to the Trust Relationships node → Relying Party Trusts → Add Relying Party Trust.
    • In Select Data Source, choose Enter data about the relying party manually.
    • Choose a display name, for example, Fotoware.
    • Select AD FS profile.
    • Do not add a token encryption certificate.
    • In Configure URL, select Enable support for the SAML 2.0 WebSSO protocol.
    • In Configure URL, set the service URL to https://yourtenant.fotoware.cloud/fotoweb/auth/saml20/consume/ (remember the final slash).
    • In Configure Identifiers, add the URL of the FotoWeb tenant as an identifier; for example, https://yourtenant.fotoware.cloud/fotoweb/ (remember the final slash).
    • Do not configure multi-factor authorization.
    • Select Permit all users access to this relying party.
  3. Finish the wizard.

Editing claim rules

  1. Select the Relying Party Trust created in the previous step.
  2. Right click → Edit Claim Rules
  3. Add a rule of type Send LDAP Attributes as Claims with the following mappings:
  • Attribute Store → Active Directory
  • E-Mail-Addresses → email
  • Surname → sn
  • Given-Name → givenName
  • SAM-Account-Name → username

Claim types shown in monospace, for example,givenName must be entered manually.

  1. Add a rule of type Transform an incoming Claim with the following attributes:
  • Incoming claim type: username
  • Outgoing claim type: Name ID
  • Outgoing name ID format: Unspecified
  1. Select Certificates and double-click the Token-signing certificate.
    • In Details, select Copy to File.
    • Select Base-64 encoded X.509 (.CER).
    • If prompted, do NOT export the private key.
    • Select a file name.
    • Open the file in a text editor.
       
  2. On your FotoWeb tenant, from the Tools menu (cogwheel icon), go to Site Configuration > Security > Single Sign-on.
  • Select SAML 2.0 from the Authentication provider drop-down list.
  • In the X509 Certificate field, paste the contents of the .CER file exported from the ADFS configuration (previous step).
  • In Endpoint URL field, enter https://youradfsserver/adfs/ls
  • Add at least one group.
  • Save the settings.

Mapping groups

Mapping groups from ADFS to FotoWeb is described in a separate topic.

Testing sign-in with ADFS

Depending on how ADFS is set up, the ADFS server may be accessible only from the internal network in which it resides, whereas FotoWeb may be accessible on the open internet (for example, when using Fotoware Veloz).

  1. Go to the home page of the FotoWeb tenant.
  2. In the login form, select Log in with SSO.
    • The sign-in page for the ADFS server opens. 
  3. Log in with a user's AD credentials
    • You are redirected back to FotoWeb, and you are logged in.
fotoweb authentication adfs integration

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Working with the Fotoware Extension for Illustrator
  • Installing Index Manager
  • Indexing PDF documents
eco-lighthouse-miljøfyrtårn

Company

  • About us
  • Resellers
  • Careers
  • Contact us

Help & support

  • Support center
  • Consultancy
  • Tech partners
  • Fotostation
  • System status

Trust Center

  • Legal
  • Security
  • Sustainability & ESG

Locations

Fotoware AS (HQ)
Tollbugata 35
0157 OSLO
Norway
FotoWare Switzerland AG
Industriestrasse 25
5033 Buchs (AG)
Switzerland

Copyright 2025 Fotoware All rights reserved.

  • Terms of service
  • Privacy policy
  • Cookie policy

Knowledge Base Software powered by Helpjuice

Expand