User authentication

Enable domain-restricted sign upConfigure single sign-on (SSO)Configure OpenID ConnectConfigure OktaConfigure G SuiteConfigure Azure Active DirectoryConfigure Active Directory Federation Services (AD FS)
Create an Application Group in AD FSAdd values to Dovetail

More articles
Help homeWorkspace adminUser authentication

Configure Active Directory Federation Services (AD FS)

Business and Enterprise only

This feature is only available on our business and enterprise plans. Business and enterprise workspaces come with additional features and support to meet your organization’s needs. Check out our pricing page for more information on business and enterprise.

Pricing page

Users can authenticate to Dovetail using Active Directory Federation Services.

Tested on AD FS 2016.

Create an Application Group in AD FS

  1. In AD FS Management, right-click on Application Groups and select Add Application Group.

  2. On the Application Group Wizard, for the name enter Dovetail and under Standalone applications select the Server application template. Click Next.

  3. Copy the Client Identifier value. Keep a note of it as it will be inserted later into Dovetail.

  4. Add the following for Redirect Uri: - Click Add. Click Next.

  5. Check the box beside Generate a shared secret, copy the Secret as this will also be used in Dovetail. Click Next twice, then close.

  6. Double-click on your newly created Application Group, click Add application, under Standalone application choose the Web API template. Click Next.

  7. In Identifier add the Client Identifier from step 3, also add the URI Click Next.

  8. For Choose an access control policy, select Permit everyone. Click Next

  9. For Permitted Scopes, select allattclaims and openid. Click Next twice then Close.

  10. Double click on the newly created Web API Application. Click on the Issuance Transform Rules tab. Click Add Rule.

  11. For Claim rule template, choose Send LDAP Attributes as Claims. Click Next.

  12. For Claims rule name: Email claims. Attribute store choose: Active Directory. LDAP Attribute choose: E-Mail-Addresses. Outgoing Claim Type: email. Click Finish.

  13. Add another rule, this time for Claim rule template choose: Send Claims Using a Custom Rule. Click Next.

  14. For Claim rule name: Skip userinfo. Custom rule => issue(Type = "skip_userinfo", Value = "true");

  15. Click Finish.

  16. Now restart the AD FS service to ensure all new settings are applied.

Add values to Dovetail

Using the AD FS application’s Client Identifier and Secret values you can Configure OpenID Connect directly in Dovetail.

In the Discovery URL input, enter https://YOUR_ADFS_DOMAIN/adfs/.well-known/openid-configuration where YOUR_ADFS_DOMAIN is the domain of the AD FS Issuer. For example, if Issuer was you would enter

Was this article useful?

Related articles

Workspace admin

Configure OpenID Connect


Matt Davidson

Software Engineer

Article info

Last updated 12 July 2021
2 min read

Get help

Can’t find what you’re looking for? Search through our articles or contact our support team and get a response within 24 hours.

Get help
Get started, free forever

Start free
A few of our customers

See more customers →