Cyber Risk Aware supports the OIDC federation protocol for SSO integration with ADFS 2016 (NOTE: Earlier versions of ADFS do not have support for OpenID Connect). The configuration steps for setting up this integration are listed below. It is broken into 2 steps :-


  1. Register Application in your ADFS management portal.
  2. Update Authentication Settings in your Cyber Risk Aware portal.



Register Application in ADFS Management portal




The first step is to register the Cyber Risk Aware application within the ADFS management console. This will generate an application id and allow for your application to receive security tokens. Basically when the Cyber Risk Aware application provides the generated application ID during the authentication flow, ADFS will provide a level of trust by providing the authenticated security token to Cyber Risk Aware to proceed with login. The steps involved in registering the application are listed below:-

  • Navigate to the ADFS management console.
  • Right click on Application Groups and select Add Application Group.



  • In the wizard that appears, provide a name for the application and under Client-Server Applications select Web browser accessing a web application and click next.




  • In the next step make note of the Client ID. This will be needed when configuring the application on the Cyber Risk Aware portal.



  • Click Next

  • Click next and review the settings on the summary page, click next and complete.


Screenshot that shows Summary screen.



Configuration on Cyber Risk Aware


The last step is to add the minimal configuration needed to your Cyber Risk Aware portal.  


  • Login to your Cyber Risk Aware portal as an administrative user.
  • From the menu on the left, select Configuration and then Authentication Settings



  • From the Authentication Type drop-down, select OpenID.



  • For each of the fields, provide the values:
    • Post logout redirect URI : https://{your domain name}.cyberriskaware.com/auth/osignedin
    • Redirect URI: https://{your domain name}.cyberriskaware.com/auth/osignedin
    • Authority: https://{your adfs url}/adfs.
    • Client Id: This should be the Client Id field you will have noted earlier.
    • Client Secret: This can be left blank.
    • Domain Hint: your-domain.com
    • Username Claim: This will default to preferred_username but can be updated to a claim of your choosing, for example the UPN claim would be: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  • Click Save



This concludes the setup. Please note that it may take one day for the changes to take effect,