
Login to Vtiger on SSO SAML using ADFS

Bindu Rekha Babu
21 Sep, 2020 - Updated 1 year ago

Vtiger CRM integrates with Active Directory (AD) to allow administrators to enable single sign-on (SSO) for all CRM users. 

You can log in to Vtiger CRM directly from the organizational accounts hosted in Active Directory.

Note! This feature is available in Vtiger One Professional and Vtiger One Enterprise editions.

Requirements to use ADFS to login to Vtiger

  1. An Active Directory instance where all users have an email address attribute.
  2. An SSL certificate with the fingerprint to sign your ADFS login page.
  3. An installed certificate for the hosted SSL if you’re using host mapping in Vtiger.
  4. After the successful installation, get the value of the ‘SAML 2.0/WS-Federation’ URL in the ADFS Endpoints section. The URL includes ‘/adfs/ls/’ if the default settings are chosen.

Establish a connection between Vtiger and ADFS

Connect Vtiger and ADFS

The connection between Vtiger and ADFS is defined using a Relying Party Trust (RPT).
Follow the steps below to set it up:

  1. Go to Server Manager > Tools > ADFS Management > Relying Party Trusts folder.
  2. Click on Actions and add Vtiger as a trusted party.
  3. In the Select Data Source screen, select ‘Enter Data About the Party Manually’.
  4. Enter the ‘Display’ name.
  5. Choose the ADFS profile.
  6. Set up the certificate settings.
  7. Enable ‘Support for the SAML 2.0 WebSSO protocol’ and replace subdomain with your domain name.

Note! Do not add a trailing slash at the end of the URL.

  8. Next, add a Relying party trust identifier of your domain.
  9. Permit all users to access this relying party.

Claim Rules

Rule 1: Send LDAP Attributes as Claims rule.

Using Active Directory as your attribute store, do the following:

  • From the LDAP Attribute column, select E-Mail Addresses.
  • From the Outgoing Claim Type, select E-Mail Address.

Rule 2: Transform an Incoming Claim.

Select E-mail Address as the Incoming Claim Type.

  • For Outgoing Claim Type, select Name ID.
  • For Outgoing Name ID Format, select Email.

Adjusting the trust settings

To adjust the trust settings, select ‘Properties’ in the Actions sidebar while you have the RPT selected.
In the Advanced tab, make sure SHA-256 or SHA-1 is specified as the secure hash algorithm. SHA-256 is the stronger of the two; SHA-1 is deprecated for digital signatures.

You can also set up the Endpoint log out URL.
Next, configure Vtiger: download the ADFS certificate in Base-64 format and authenticate the ADFS certificate in Vtiger.
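The relying party trust, the two claim rules and the hash algorithm described above can also be created from PowerShell on the ADFS server, which makes the configuration reviewable and repeatable. This is an added example, not a script from Vtiger or Microsoft; the display name and both URLs are placeholders to be replaced with the Service Provider Entity ID and ACS URL that Vtiger shows, and "permit all users" is expressed here as an issuance authorization rule.

```powershell
# Added example: run in an elevated PowerShell session on the primary AD FS server.
# Placeholders (assumptions): use the Service Provider Entity ID and ACS URL
# that Vtiger displays; 'Vtiger CRM' is only the display name chosen here.
$RpName   = 'Vtiger CRM'
$EntityId = 'https://crm.example.com/ENTITY-ID-PLACEHOLDER'
$AcsUrl   = 'https://crm.example.com/ACS-URL-PLACEHOLDER'

# Rule 1: send the AD 'mail' attribute as the E-Mail Address claim.
# Rule 2: transform E-Mail Address into Name ID with the Email format.
$IssuanceRules = @'
@RuleName = "Send e-mail address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleName = "E-mail address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
              = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# "Permit all users to access this relying party."
$AuthzRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = ' +
    '"http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# SAML 2.0 WebSSO endpoint (assertion consumer, POST binding).
$Acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $AcsUrl

# SHA-256 is selected as the secure hash algorithm for signatures.
Add-AdfsRelyingPartyTrust -Name $RpName -Identifier $EntityId -SamlEndpoint $Acs `
    -IssuanceTransformRules $IssuanceRules `
    -IssuanceAuthorizationRules $AuthzRules `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Read the trust back and confirm what was actually stored.
Get-AdfsRelyingPartyTrust -Name $RpName |
    Select-Object Name, Identifier, SignatureAlgorithm, Enabled,
        @{ Name = 'AcsUrl'; Expression = { $_.SamlEndpoints.Location } }
```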

Configuring Vtiger

After setting up ADFS, you need to configure your Vtiger instance to authenticate using SAML. Follow the steps in our documentation for enabling SAML. You’ll use your full ADFS server URL with the SAML endpoint as the SSO URL, and the login endpoint you created as the logout URL.

To get the X.509 certificate, follow these steps:

  1. Download the Active Directory Federation Services (ADFS) Certificate.
  2. Open Active Directory Federation Services (ADFS).
  3. Select Certificates from the left menu.
  4. Under “Token Signing”, right-click on the certificate that needs to be downloaded.
  5. Select View Certificate.
  6. In the Certificate window, click on the Details tab and then click on “Copy to file”.
  7. In the certificate export wizard, click on Next.
  8. Select the format as “Base-64 encoded binary X.509 (.CER)” and click on Next.
  9. Enter a filename, then click on Next and Finish to save the certificate.
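Before pasting the exported certificate into Vtiger, it is worth confirming that the file really is the current primary token-signing certificate and checking when it expires. The following is an added example, not part of Vtiger's documentation; it performs the same export from PowerShell and prints the fingerprints, and the output path is a hypothetical choice.

```powershell
# Added example: run on the AD FS server. $OutFile is a hypothetical path.
$OutFile = Join-Path $env:TEMP 'adfs-token-signing.cer'

# The primary token-signing certificate AD FS is using right now.
$Signing = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } | Select-Object -First 1
if (-not $Signing) { throw 'No primary token-signing certificate found.' }
$Cert = $Signing.Certificate

# Write it as Base-64 encoded X.509 (.CER), the format chosen in step 8.
$B64 = [Convert]::ToBase64String(
    $Cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $OutFile -Encoding Ascii -Value @(
    '-----BEGIN CERTIFICATE-----', $B64, '-----END CERTIFICATE-----')

# Re-read the file from disk so the check covers what will be pasted into Vtiger.
$FromFile = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $OutFile
$Sha256   = [System.Security.Cryptography.SHA256]::Create()
$Fp256    = [BitConverter]::ToString($Sha256.ComputeHash($FromFile.RawData)) -replace '-', ':'
$Sha256.Dispose()

[pscustomobject]@{
    Subject           = $FromFile.Subject
    NotAfter          = $FromFile.NotAfter
    DaysUntilExpiry   = [int]($FromFile.NotAfter - (Get-Date)).TotalDays
    Sha1Thumbprint    = $FromFile.Thumbprint
    Sha256Fingerprint = $Fp256
    # True when the file on disk is the certificate AD FS signs with.
    MatchesAdfs       = ($FromFile.Thumbprint -eq $Signing.Thumbprint)
    # Must be False: a .CER handed to a service provider holds the public key only.
    HasPrivateKey     = $FromFile.HasPrivateKey
}
```

When the token-signing certificate is replaced on the ADFS side, the new certificate has to be uploaded to Vtiger again, so `DaysUntilExpiry` is a useful value to monitor.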

Configure SAML in Vtiger.

Follow the steps below to configure SAML in Vtiger.

  1. Hover over  and click on Settings.
  2. Click on Authentication under User Management.
  3. Enable SAML checkbox.
  4. Copy the IDP information and paste it into Vtiger.
  5. Click on the Save button and get the Service Provider Entity ID and ACS URL.
  6. Enter your CRM’s SAML login URL to log in via ADFS.

Vtiger SAML application in Azure AD

Installation of Vtiger SAML in Azure AD

Follow these steps to install the Vtiger SAML application in Azure AD

  • Open your Azure AD portal
  • Go to Azure Active Directory
  • Click on Enterprise Applications option under Manage tab
  • Click on the Add New Application button
  • Search for Vtiger in the Enterprise Applications
  • Click on Vtiger CRM (SAML) app and click Add

Now, go to Vtiger SAML app.

  1. Click on Single sign-on option under Manage tab
  2. Select SAML
  3. Next, set up Single Sign-On with SAML
  4. Configure the Basic SAML entity values in AD and Vtiger
  5. Add users

Note: Usernames of Vtiger account and Active Directory account must match for single sign-on service.
