Use Active Directory Federation Services (AD FS) to log in

From version 1.13 of HCP we support Single Sign On with ADFS. To set this up you will need an ADFS server 2019 or later.


Once enabled, the end user will have an extra option on the login page to log in through your company's ADFS server, using the user's own user name and password in your organisation.


Note: The user will need to be added in HCP as a user to be allowed to log in.


ADFS Setup


On your ADFS server, under Application Groups, add an Application group.


Choose "Native application", enter a name and click Next.


Enter the URL to your HCP server, like https://<DNS>/sso/redirect, then press Add and Next.

Copy the Client Identifier; it will be needed later when configuring HCP.


For the identifier, just add your HCP URL, like: https://<DNS>

The next screen is for choosing an Access Policy, use default values or change to your liking.

The last screen is for choosing permissions, "openid" is the only required one and is also the default.


Set up CORS rules

On the ADFS server start a PowerShell command window as an administrator.

Issue the commands:

Set-AdfsResponseHeaders -EnableCORS $true

Set-AdfsResponseHeaders -CORSTrustedOrigins https://<DNS>


Note: If you need CORS rules active for more than one domain, you must comma-separate them, like:

Set-AdfsResponseHeaders -CORSTrustedOrigins https://<DNS1>,https://<DNS2>
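The CORS steps above as one script that checks each origin before trusting it and then reads the configuration back. This is an added example, not part of the HCP or AD FS documentation; the host names are placeholders, Test-CorsOrigin is a hypothetical helper, and the property names read from Get-AdfsResponseHeaders are assumed to mirror the parameter names.

```powershell
# Added example. Run in an elevated PowerShell session on the ADFS server.
# Placeholder origins (assumption): replace with the URL(s) of your HCP server(s).
$HcpOrigins = @('https://hcp.example.com', 'https://hcp-test.example.com')

# Hypothetical helper: accept only a bare HTTPS origin (scheme://host[:port]).
function Test-CorsOrigin {
    param([Parameter(Mandatory)][string]$Origin)

    $uri = $null
    if (-not [Uri]::TryCreate($Origin, [UriKind]::Absolute, [ref]$uri)) { return $false }

    if ($uri.Scheme -ne 'https')      { return $false }  # no plain-HTTP origins
    if ($Origin -match '\*')          { return $false }  # no wildcards
    if ($uri.PathAndQuery -ne '/')    { return $false }  # no path or query string
    if ($uri.Fragment -or $uri.UserInfo) { return $false }
    if ($Origin.EndsWith('/'))        { return $false }  # an origin has no trailing slash
    return $true
}

# Refuse to change anything if one entry is not a clean origin.
$bad = @($HcpOrigins | Where-Object { -not (Test-CorsOrigin -Origin $_) })
if ($bad.Count -gt 0) {
    throw "Not a valid HTTPS origin: $($bad -join ', ')"
}

# Same two commands as in the manual steps; all origins go in a single call.
Set-AdfsResponseHeaders -EnableCORS $true
Set-AdfsResponseHeaders -CORSTrustedOrigins $HcpOrigins

# Read the settings back and confirm every origin was stored.
# Property names CORSEnabled / CORSTrustedOrigins are an assumption (see lead-in).
$current = Get-AdfsResponseHeaders
$missing = @($HcpOrigins | Where-Object { $current.CORSTrustedOrigins -notcontains $_ })
if (-not $current.CORSEnabled -or $missing.Count -gt 0) {
    throw "CORS settings were not applied as expected. Missing: $($missing -join ', ')"
}
$current | Select-Object CORSEnabled, CORSTrustedOrigins
```

Keep the list limited to the HCP origins that actually need to call ADFS from the browser.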


HCP Setup

In HCP in the ADFS section, enable the feature and enter the URL of your ADFS server and the ClientID you got during the setup of the ADFS server.



Save your changes, and you're good to go!