ADFS SSO Configuration - TestRail

ADFS SSO Configuration

TestRail lets you integrate with your preferred SSO identity provider (IDP) using SAML 2.0, OAuth 2.0, and OpenID Connect protocols. Once you enable the SSO configuration, you can choose your preferred protocol.

This guide specifically helps you with the ADFS protocol configuration. Follow these instructions first for the Okta web application registration:

  1. In ADFS Management, navigate to Trust Relationships -> Relying Party Trust area
  2. Click Add Relying Party Trust in the right panel window
  3. Click Start, and select Enter data about relying party manually
  4. Click Next, and enter the Display Name
  5. Click Next on Configure Certificate Page
  6. Select Enable Support for SAML 2.0 WebSSO Protocol and the Single Sign on URL from the TestRail SSO configuration page
  7. Click Next, and add the metadata as well as the index.php link for Relying Party Trust Identifier
  8. Click Next for all the other pages and configure as per your requirement and click Finish
  9. Add the Following Edit Claim Rules for the Relying Party Trust

Rule 1:

a. Claim Rule Template -> Send LDAP Attributes as Claim

b. Enter Rule name and select attribute store as Active Directory

c. Map the LDAP attributes to output claim as follows: (Make sure all the details in the table is entered for the user in Active Directory Users and Computers) 

LDAP Attribute Outgoing Claim Type
User-Principal-Name UPN
Given-Name Given Name
Surname Surname
E-Mail-Addresses E-Mail Address
Display-Name Name


d. Save the Rule

Rule 2:

a. Claim Rule Templates -> Transform an Incoming Claim

b. Enter the Claim Rule Name

c. Set the following values for the Rule Template 

Incoming Claim Type UPN
Incoming Name ID Format Unspecified
Outgoing Claim Type Name ID
Outgoing Name ID Format Email


 d. Check Pass through all claims value and save the rule

10. Click Authentication Policy, under Primary Authentication -> Global Settings. Edit the Authentication Method and add Forms Authentication in Extranet as well as Intranet.

11. Add User in TestRail to enable SSO for ADFS

a. Add new User under Users & Roles, Specify the email address same as on the ADFS server-side

b. Enable Single Sign-on (SSO) Authentication12.Under Service -> Certificate select Token-Signing Certificate

12Right click on the certificate to view and Copy to File under the details tab

13. Copy the certificate to the desired location making sure the format of the certificate is Base-64 encoded X.509 (.CER)

14Upload the certificate into TestRail.

15. Copy the FQDN value for your server in IDP Issuer URL and append /adfs/ls

 For SAML Assertion Encryption

  1. Obtain a public key certificate that matches a private key that’s configured in the application.
  2. The public key should be stored in an X.509 certificate file in .cer format.
  3. Add the certificate in the encryption tab for the Relying Party Trust
  4. In the TestRail SSO settings, enable encrypted assertions
  5. Copy the private key obtained in step 1