What you get and what makes us different to our competitors
Core & advanced features which ensure you get the most out of our signing software.
Our platform seamlessly integrates with most industry specific providers.
We have a flexible pricing model to suit anyone’s specific needs.
What you get and what makes us different to our competitors.
Frequently asked questions and solutions that might be relevant to you.
Plans for Small, Medium & Enterprise level businesses.
No setup fees & pay as you need notary features & add-ons.
Digital signing which integrates with most Recruitment ATS & CRM’s
Improve staff & client experience with digital signatures & notary.
Increasing compliance across life science & device businesses.
Solutions for state, federal, local, county & regional government.
Founded in 2010 to be a simple, smart, and secure signing platform.
ISO 27001 certified software which is backed by PKI Technology.
Technology which ensures non-forgeability & non-repudiation.
The latest Secured Signing company news and awards.
New & updated features and how to use them.
Updates about software we integrate with.
Blog articles, helpful tips and guides on digital signing & notary.
We have a flexible pricing model to suit anyone's specific needs.
Secured Signing continues partnership to integrate digital signatures within Bullhorn.
5 reasons government agencies and councils are adopting digital signatures.
New feature: Signing completion certificate.
Home // Support // ADFS 2.0: Configuring Single Sign On for Secured Signing using Active Directory Federation Services
Setting up active directory federation services for use with Secured Signing will allow the nominated users within your domain to use the Secured Signing service using their network credentials. When the single sign on option is enabled in Secured Signing, logged in users will not need to enter their username and password in Secured Signing.
The configuration process requires:
Install and Configure ADFS 2.0
If not already installed, download & install ADFS 2.0. The software is available through here.
NOTE: Don’t install the ADFS role from server management
If you are using Windows Server 2008 R2, you will need to apply the ADFS 2.0 hot fix. Download it from this link.
Prepare a valid ssl certificate (.pfx file, with private key). This certificate will be used by the ADFS federation service website, so it should be valid with your ADFS website domain name.2
Import this certificate to IIS
Open IIS, click server node, double click Server Certificates, then click Import at the right action panel
Configure the ADFS 2.0 Federation service
Run ADFS 2.0 Management Console as domain administrator. Run Create new federation service wizard. Use the certificate imported above to finish the configuration.
In IIS manager, go to the Default Web Site/adfs/ls application,. Double click Authentication, enable Windows Authentication. In the advanced settings window, select Extended Protection to Off
On IIS manager, add https bindings with above certificate to Default Web Site.
Don’t change other default settings in IIS
In ADFS 2.0 Management Console, find metadata xml path from right panel of “ADFS 2.0/Service/Endpoints”. It should be in the format https://your.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
Verify the ADFS service is running by accessing the server: https://your.domain.com /adfs/ls/IdpInitiatedSignon.aspx
Enable CROS for ADFS website
Add below lines to the web.config under Default Web Site/adfs/ls application directory
<system.webServer>
<httpProtocol>
<customHeaders>
<add name=”Access-Control-Allow-Origin” value=”*” />
</customHeaders>
</httpProtocol>
</system.webServer>
Optional: set token caching time in the power shell console:
> Set-ADFSProperties -SSOLifetime 5
> Set-ADFSRelyingPartyTrust -TargetName adfs.dsx.co.nz -TokenLifeTime 5
> Set-ADFSProperties -ReplayCacheExpirationInterval 5
> Set-ADFSProperties -SamlMessageDeliveryWindow 5
Restart the ADFS 2.0 service and IIS
Add relying party trust
Once ADFS 2.0 is ready, add a new relying party trust to the ADFS 2.0 service.
In the ADFS 2.0 console, run “Add Relying Party Trust” wizard.
Click “Start”, select “Enter data about the relying party manually” option and click “Next”.
Enter a display name and click “Next”
Select “ADFS 2.0 profile” options and click “Next”
You can Ignore the encryption certificate, so just click “Next”
Enable both WS-Federation Passive protocol and SAML 2.0 WebSSO protocol. For both protocols input https://www.securedsigning.com/ADFS/Account/LoginCallbackAdfs as endpoints and click “Next”
Input https://www.securedsigning.com/ADFS/Account/LoginCallbackAdfs as identifiers and click “Next”
Please notice that the rely party identifier is case sensitive. Please input the exact value.
Select the > Permit all users to access this relying party option and click Next
Click Next and Close
In the popup claim rule window, add a new Transform Claim Rule
In the popup wizard, select Send LDAP Attributes as Claims and click Next
Input the rule name, select Active Directory as the Attribute store and select the LDAP attributes below
E-Mail-Address -> E-Mail Address
Surname -> Surname
Given-Name -> Given Name
User-Principal-Name -> Windows account Name
Click Finish
Setup Single Sign On with ADFS in your Secured Signing Membership
You need an enterprise account to integrate secured signing with your own ADFS server.
Login to the Enterprise Portal and go to Memberships.
Select the membership that requires single sign on with ADFS. In the Single Sign On tab. Enable Single Sign On and input your Federation Metadata Address.
Click Users Setup button. This will open the Accounts management page where you can manage your accounts to use ADFS integration. All accounts under this membership must login with ADFS. Users will no longer be able to authenticate using a username and password to access Secured Signing.
Select an account from the account list, input the User Domain Name Login (ADFS) and save. This Single Sign On input option is visible only when the Single Sign On has been enabled for the membership.
The User Domain Name Login should be in the format ‘Domain\Windows Account’. This should be the User logon name (pre-Windows 2000) property from Active Directory User properties.
The “User Domain Name Login” is case insensitive. It should not be duplicated (use same domain name for different accounts) in one membership.
You need to setup all accounts for ADFS login.
Activate user account
Once user account created, the user will receive an activation email, click Click to Activate button in the email. Then in the activation page, click Activate button.
Join an Existing Secured Signing Account to a Membership with Single Sign On enabled
For an existing user, they can join a membership by adding the membership code to the My Account > My Details page
If this membership is configured to use Single Sign On with ADFS, the user will need to enter tjheir User Domain Name Login and click “OK” to join the membership.
Once single sign on is enabled, the first time each user accesses Secured Signing they will need to input their email to login. A password is not required.
The system will check if Single Sign On is enabled for this user. If so, it will redirect to your ADFS server website. Then the user input his/her windows logon credential to login with your ADFS server. The user can check the option to “Remember my email” to login with ADFS next time.
Once the user has logged in with ADFS successfully, the user will be redirected to Secured Signing. On subsequent logins, the user’s domain name will be remembered. Click “Log in with ADFS” the user will be logged in to Secured Signing using the domain name to login.
Please notice that, with this option, you should logon to windows with your own account to login with ADFS. Otherwise, you may see an error saying “Cannot login, use your own computer to retry or contact your administrator.”.