Introduction
FME Flow has implemented SAML authentication for security. You can configure FME Flow to use a variety of Identity Providers, and our documentation explains what's required of FME Flow. This article provides a step-by-step guide to configuring ADFS as the Identity Provider. If you would like to use a different provider, please see Configuring FME Flow for SAML Authentication for more step-by-step tutorials.
Requirements
The FME Flow URL and the URL you register with your Identity Provider (IdP) do not need to be publicly accessible. However, FME Flow must be configured for SSL. Please follow the documentation to Configure FME Flow for HTTPS.
Step-by-step Instructions
Part 1: Identity Provider Configuration
1. Open AD FS Management, right-click Relying Party Trusts, and select Add Relying Party Trust.
2. On the Wizard Settings:
Select "Claims aware".
Choose "Enter data about the relying party manually".
On the Configure URL page, check "Enable support for the SAML 2.0 WebSSO protocol". For Service URL, provide the Single Sign-On URL (ACS URL) as displayed on the FME Flow "SAML Configuration" webpage.
Add the Entity ID (Audience URI) from FME Flow "SAML Configuration" webpage as the Relying party trust identifier.
Choose Permit everyone or specify restricted groups.
3. [OPTIONAL] Set claim rules to map which user attributes (such as Username or Email) are sent to FME Flow. In the Edit Claim Issuance Policy window, click Add Rule.
4. Download your ADFS metadata XML file from: https://<Your-ADFS-Hostname>/federationmetadata/2007-06/federationmetadata.xml to be uploaded to the FME Flow Web user interface. In the AD FS Management console, go to Service > Endpoints > Metadata to confirm the specific URL for your environment.
Part 2: FME Flow Configuration
1. Open FME Flow
Open and log in to FME Flow, then navigate to User Management → SAML Configuration.
2. Import SAML
Import your IdP Metadata or provide the certificate and values.
Select the default user role you wish users to have when they log into FME Flow.
Part 3: Test your Configuration
1. Log Out of FME Flow
Log out of FME Flow; you should now have the option to Log In With SAML. Once selected, you should be redirected to the ADFS sign-in page. Enter your credentials, and if the configuration is correct, you should be redirected back to the FME Flow home page.
Confirm that the user can log in and that the role and user information are as expected.