# ADFS Authentication

> Configure a machine to support ADFS and make sure you have access to the ADFS Management software. Contact your system administrator if you need either.

## Configure ADFS to Recognize a New Orchestrator Instance

:::note
The following steps are valid for the ADFS Management tool. Please note that the following procedure is a broad description of a **sample configuration**. For a fully detailed how-to, visit the official [ADFS Documentation](https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services).
:::

1. Open ADFS Management and define a new relying party trust for Orchestrator as follows:
   1. Select **Relying Party Trusts**.
   2. In the **Actions** panel, select **Add Relying Party Trust**. The **Add Relying Party Trust Wizard** is displayed.
   3. In the **Welcome** section, select **Claims Aware**.
   4. In the **Select Data** section, choose the **Enter data about relying party manually** option.
   5. In the **Specify Display Name** section, in the **Display name** field, insert the URL of the Orchestrator instance.
   6. The **Configure Certificate** section does not need any specific settings so you may leave it as it is.
   7. In the **Configure URL** section, select the **Enable support for the SAML 2.0 Web SSO Protocol** checkbox and fill in the URL of the Orchestrator instance plus the suffix `identity/Saml2/Acs` in the **Relying party SAML 2.0 SSO service URL** field. For example, `https://orchestratorURL/identity/Saml2/Acs`.
   8. In the **Configure Identifiers** section, fill in the URL of the Orchestrator instance in the **Relying party trust identifier** field.
   9. In the **Choose Access Control Policy** section, make sure to select the **Permit everyone** access control policy.
   10. The next two sections (**Ready to Add Trust** and **Finish**) do not need any specific settings so you may leave them as they are.
   11. The newly added party trust is displayed on the **Relying Party Trusts** window.
   12. Make sure that the default value for your URL is **Yes** (**Actions** > **Properties** > **Endpoints**).

   !['URL value set to Yes by default' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-url-value-set-to-yes-by-default-image-233115-d8dac39c.webp)
2. Select the relying party trust and select **Edit Claim Issuance Policy** from the **Actions** panel. The **Edit Claim Issuance Policy** wizard is displayed.
3. Select **Add rule** and create a new rule using the **Send LDAP Attributes as Claims** template with the following settings:

   !['Add rule' image](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-add-rule-image-225933-904bdd4f.webp)
4. Once ADFS is configured, open PowerShell as an administrator and run the following commands:
   * `Set-ADFSRelyingPartyTrust -TargetName "DISPLAYNAME" -SamlResponseSignature MessageAndAssertion` (replace `DISPLAYNAME` with the display name you entered in step 1.5)
   * `Restart-Service ADFSSRV`
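The same relying party trust, created with the ADFS PowerShell module instead of the wizard, as an added example that is not part of the original page. It assumes the Orchestrator instance is `https://orchestrator.example.com` and that the claim rule in step 3 sends the AD `mail` attribute as the e-mail address claim, which is what the `By user email` mapping in Orchestrator matches on; both are assumptions, not values from the page.

```powershell
# Added example: relying party trust for Orchestrator via the ADFS module.
# Assumed values: Orchestrator URL and the e-mail claim rule (not from the page).
Import-Module ADFS

$orchestratorUrl = "https://orchestrator.example.com"      # no trailing slash
$acsUrl          = "$orchestratorUrl/identity/Saml2/Acs"   # step 1.7

# Step 1.7: SAML 2.0 Web SSO assertion consumer endpoint (ADFS posts the response here)
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0

# Step 3 equivalent of the "Send LDAP Attributes as Claims" template: AD mail -> emailaddress claim
$emailRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Orchestrator e-mail"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
'@

$trust = @{
    Name                    = $orchestratorUrl        # step 1.5: display name is the URL
    Identifier              = $orchestratorUrl        # step 1.8
    SamlEndpoint            = $acs                    # step 1.7
    AccessControlPolicyName = "Permit everyone"       # step 1.9
    IssuanceTransformRules  = $emailRule              # step 3
    SamlResponseSignature   = "MessageAndAssertion"   # step 4: sign both message and assertion
}
Add-AdfsRelyingPartyTrust @trust

Restart-Service adfssrv                               # step 4

# Check: the trust must sign message and assertion and point at the Orchestrator ACS URL
$rp = Get-AdfsRelyingPartyTrust -Name $orchestratorUrl
if ($rp.SamlResponseSignature -ne "MessageAndAssertion") {
    throw "SamlResponseSignature is $($rp.SamlResponseSignature); Orchestrator expects MessageAndAssertion"
}
$rp.SamlEndpoints | Select-Object Binding, Protocol, Location
```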

## Set Orchestrator/Identity Server to Use ADFS Authentication

1. Define a user in Orchestrator and make sure a valid email address is set for it on the **Users** page.
2. [Import the signing certificate](https://docs.uipath.com/orchestrator/standalone/2023.10/user-guide/setting-orchestrator-to-use-a-private-key-certificate#private-key-certificates) provided by the Identity Provider to the Windows certificate store using Microsoft Management Console.
3. Log in to the [host Management portal](https://docs.uipath.com/orchestrator/standalone/2023.10/user-guide/about-the-host-level#host-management-portal) as a system administrator.
4. Select **Security**.
5. Select **Configure** under **SAML SSO**.

The **SAML SSO configuration** page opens.

6. Set it up as follows:
   * Optionally select the **Force automatic login using this provider** checkbox if, after the integration is enabled, you want your users to only sign in through the SAML integration.
   * In the **Display Name** field, type the name that you want to show for the SAML login option on the **Login** page.
   * Set the **Service Provider Entity ID** parameter to `https://orchestratorURL/identity/Saml2/Acs`.
   * Set the **Identity Provider Entity ID** parameter to the value obtained by configuring ADFS authentication.
   * Set the **Single Sign-On Service URL** parameter to the value obtained by configuring ADFS authentication.
   * Select the **Allow unsolicited authentication response** checkbox.
   * Set the **Return URL** parameter to `https://orchestratorURL/identity/externalidentity/saml2redirectcallback`.
   * Set the **External user mapping strategy** parameter to `By user email`.
   * Set the **SAML binding type** parameter to `HTTP redirect`.
   * In the **Signing Certificate** section, from the **Store name** list, select **My**.
   * From the **Store location** list, select `LocalMachine`.
   * In the **Thumbprint** field, add the thumbprint value provided in the Windows certificate store. [Details](https://docs.uipath.com/orchestrator/standalone/2023.10/user-guide/setting-orchestrator-to-use-a-private-key-certificate#private-key-certificates).
     :::note
     Replace all occurrences of `https://orchestratorURL` with the URL of your Orchestrator instance. Make sure that the URL of the Orchestrator instance does not contain a trailing slash. Always fill it in as `https://orchestratorURL/identity`, not `https://orchestratorURL/identity/`.
     :::

7. Select **Save** to save the changes to the external identity provider settings.

The page closes and you return to the **Security Settings** page.

8. Select the toggle to the left of **SAML SSO** to enable the integration.
9. Restart the IIS server.
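The two ADFS values that step 6 asks for (Identity Provider Entity ID and Single Sign-On Service URL) and the signing certificate thumbprint from step 2 can all be read from the ADFS federation metadata. The script below does that and checks that the certificate ADFS currently signs with is present in the `LocalMachine\My` store Orchestrator is pointed at; it is an added example, not part of the page, and assumes the ADFS farm is reachable as `adfs.example.com`.

```powershell
# Added example: pull the step 6 values from ADFS federation metadata and verify the
# imported signing certificate. Assumed host name: adfs.example.com (not from the page).
$adfsHost    = "adfs.example.com"
$metadataUrl = "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"

[xml]$metadata = (Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content
$ns = New-Object System.Xml.XmlNamespaceManager($metadata.NameTable)
$ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
$ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

# Identity Provider Entity ID: the entityID attribute on the metadata root element
$entityId = $metadata.DocumentElement.GetAttribute("entityID")

# Single Sign-On Service URL for the HTTP redirect binding selected in step 6
$redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
$sso = $metadata.SelectSingleNode("//md:IDPSSODescriptor/md:SingleSignOnService[@Binding='$redirect']", $ns)
$ssoUrl = $sso.GetAttribute("Location")

# Signing certificate(s) the IdP publishes; their thumbprints are what the Thumbprint field expects
$signingCerts = $metadata.SelectNodes("//md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns) |
    ForEach-Object {
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($_.InnerText))
    }

"Identity Provider Entity ID : $entityId"
"Single Sign-On Service URL  : $ssoUrl"
$signingCerts | ForEach-Object { "IdP signing thumbprint      : $($_.Thumbprint) (valid until $($_.NotAfter))" }

# Cross-check: every published signing certificate must already be in LocalMachine\My (step 2)
$missing = $signingCerts | Where-Object { -not (Test-Path "Cert:\LocalMachine\My\$($_.Thumbprint)") }
if ($missing) {
    Write-Warning "Not found in LocalMachine\My: $($missing.Thumbprint -join ', '); import it before enabling SAML SSO"
}
```

ADFS rolls its token-signing certificate over periodically, so re-running this check after a rollover tells you whether the thumbprint configured in Orchestrator still matches what ADFS signs with.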
