Skip to main content

Integrating Arc XP with Microsoft ADFS

This guide explains how to integrate Arc XP with Microsoft Active Directory Federation Services (ADFS) using SAML authentication.

Note

This documentation describes a third-party tool. The steps may change over time. Always refer to the tool's official documentation for the latest instructions.

If multi-factor authentication or additional security settings are needed, configure them separately from this guide.

How the integration works

This integration establishes a SAML relationship between Arc XP's Identity Provider (Okta) and your Microsoft ADFS. When a user attempts to log in to Arc XP:

  1. The user is redirected to your ADFS login page.

  2. They log in using their ADFS credentials.

  3. ADFS redirects the user back to Okta.

  4. Okta verifies the authentication parameters and redirects the user to Arc XP.

Prerequisites

Before you begin, ensure you:

  • have administrative access to your Company’s ADFS.

  • understand how to configure and use ADFS.

  • know how the login flow works for your users.

  • identify the groups that need to be passed to Arc XP for permissions. (You can update these later.)

Step 1: Provide federation metadata

All ADFS deployments have a Federation Metadata URL. Arc XP requires either the URL or the XML content from this URL.

  1. Locate your Federation Metadata URL. It typically follows this format: https://<ADFS hostname>/federationmetadata/2007-06/federationmetadata.xml

  2. Send this URL or the XML content to Arc XP Customer Support.

  3. Wait for Arc XP to proceed to the next step.

Step 2: Create a relying party trust in ADFS

When Arc XP receives your metadata, they send you a file named metadata.xml. Use this file to configure ADFS as follows:

  1. Open ADFS Management Console.

  2. In the Actions pane, click Add a Relying Party Trust.

  3. Click Start (leave Claims Aware selected).

  4. On Select Data Source, choose Import Data and browse for the metadata.xml file.

  5. Click Next.

  6. Name the Relying Part Trust Arc Publishing, and click Next.

  7. On Access Control Policy, select Permit Everyone. You can customize permissions later if needed.

  8. Verify the configuration details, and click Next.

  9. Click Close.

Step 3: Configure claims

Claims populate user identity details when logging in to Arc XP.

  1. If the Edit Claim Issuance Policy window does not appear, right-click the Relying Party Trust you just created and select Edit Claim Issuance Policy.

  2. Click Add Rule.

  3. Select Send LDAP Attributes as Claims, and click Next.

  4. Name the rule Arc Publishing Okta.

  5. Select Active Directory as the Attribute Store.

  6. Map the following claims:

    Table 1. 

    LDAP attribute

    Outgoing claim type

    E-Mail Addresses

    email

    E-Mail Addresses

    userName

    Given-Name

    firstname

    Surname

    lastname

    User-Principal-Name

    Name ID



  7. Click Finish.

Step 4: Configure group mappings

Groups determine user permissions within Arc XP. You must manually configure and pass group claims.

  1. Click Add Rule again.

  2. Select Send Group Membership as a Claim, and click Next.

  3. Configure the group details:

    • Claim Rule Name - set a name for tracking.

    • Group - select the group from Active Directory.

    • Outgoing Claim Type - enter groups (must be typed manually)

    • Outgoing Claim Value - enter the value you want to pass to Arc XP.

  4. Click Finish.

  5. Repeat these steps for each additional group.

Step 5: Provide group information to Arc XP

After you configure groups, send the Outgoing Claim Values to Arc XP Customer Support. Arc XP updates Okta to recognize these groups.

Step 6: Test the integration

After Arc XP confirms the setup is complete, test the login process.

  1. Go to your Arc XP admin portal: [orgId].arcpublishing.com.

  2. Enter your email address on the Okta login page.

    The system routes the request to ADFS.

  3. Log in using your ADFS credentials.

    If successful, the system redirects you to Arc XP.

In this section: