How to set up ADFS SSO for your school

In this article
Last updated by
ClickView's photo
ClickView2nd February, 2026
3 min read
Single Sign-On

Summary

  • Publish your organisation info in Federation Metadata
  • Install Windows ADFS Federation Service
  • Add ClickView as a Relying Party Trust
  • Enter claim rules for required attributes
  • Configure SAML endpoints for your region
  • Submit onboarding form to complete integration
star icon
Quick tip
What should I test before rolling out ADFS SSO to all users?
Before enabling SSO school-wide, test sign-in with a small group of staff and students. This helps confirm that required attributes are mapping correctly and that users are assigned the right access levels, reducing the risk of widespread sign-in issues during rollout.

SAML integration steps with Microsoft ADFS

SAML-based Single Sign-On (SSO) enables secure authentication for ClickView users by integrating with identity providers such as Microsoft Active Directory Federation Services (ADFS). Follow these steps to configure ADFS integration.

Publish organisation information

First, ensure that your ADFS organisation information is published in your Federation Metadata:

  1. Right-click the “ADFS” folder and choose Edit Federation Service Properties.
    Edit Federation Service Properties
  2. Go to the Organisation tab.
  3. Check Publish Organisation information in federation metadata.
  4. Complete all Support contact information fields with valid data.
    ADFS Organization Tab

Install and configure ADFS

  1. Open Start.
  2. Go to Administrative Tools.
  3. Select AD FS 2.0 Management or AD FS 3.0 Management.
    Federation Server Configuration Wizard
  4. Run AD FS Federation Server Configuration Wizard.
    New Federation Server Farm
  5. Create a new Federation Service.
  6. Choose New Federation Server Farm, then select Next.
  7. If the SSL Certificate is not pre-populated, assign the appropriate SSL certificate to your Default Website in IIS. The Federation Service Name should match the SSL certificate.
  8. Enter the AD FS service account name and password, then select Next.
  9. If you receive an SPN error, use setspn.exe to resolve the issue.

Configure Federation Trust with ClickView

  1. Select Relying Party Trusts.
  2. Choose Add Relying Party Trust.
  3. Click Start and select Enter data about the relying party manually.
  4. Enter Display name: as ClickView. Select AD FS profile and proceed through the wizard by selecting Next where prompted. No checkboxes are required.
  5. In the Relying party trust identifier field, enter the ClickView entityID URL for your region as shown:
    • United Kingdom & International: https://saml-in3.clickview.co.uk/shibboleth
  6. Select Next, then set up Multi-Factor Authentication (MFA) as needed and continue.
  7. Select Permit all users to access this relying party and proceed with Next.
    Add Relying Party Trust
  8. No additional fields are required; finish with Next until Close.

Create claim rules for ClickView attributes

Add claim rules to expose the required attributes for ClickView SSO:

  1. Choose Add Rule.
    Add Rule
  2. Select Send Claims Using a Custom Rule and proceed.
    Custom Rule Claim
  3. For each field below, enter the Claim Rule Name and use the corresponding Custom Rule:
Claim Rule NameCustom Rule
Email Addressc:[Type == “http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”]
=> issue(store = “Active Directory”, types = (“urn:oid:0.9.2342.19200300.100.1.3”), query = “;mail;{0}”, param = c.Value);
Given Namec:[Type == “http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”]
=> issue(store = “Active Directory”, types = (“urn:oid:2.5.4.42”), query = “;givenName;{0}”, param = c.Value);
Display Namec:[Type == “http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”]
=> issue(store = “Active Directory”, types = (“urn:oid:2.16.840.1.113730.3.1.241”), query = “;displayName;{0}”, param = c.Value);
Member Ofc:[Type == “http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”]
=> issue(store = “Active Directory”, types = (“urn:oid:1.2.840.113556.1.2.102”), query = “;memberOf;{0}”, param = c.Value);
Surnamec:[Type == “http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”]
=> issue(store = “Active Directory”, types = (“urn:oid:2.5.4.4”), query = “;SN;{0}”, param = c.Value);

Add SAML endpoints

  1. Go to Properties for the ClickView relying party trust and select Endpoints.
  2. Add a SAML endpoint with Binding=POST and Index=1. Use your region’s POST URL:
    • United Kingdom & International: https://saml-in3.clickview.co.uk/Shibboleth.sso/SAML2/POST
  3. Add another SAML endpoint with Binding=Artifact and Index=3. Use your region’s Artifact URL:
    • United Kingdom & International: https://saml-in3.clickview.co.uk/Shibboleth.sso/SAML2/Artifact
Endpoints Properties
POST Endpoint
Artifact Endpoint

Submit onboarding information

To begin the onboarding process, complete the SSO Onboarding form. If you have already started the form, continue completing it as needed.

Frequently asked questions

ClickView supports most SAML2 Protocol-based systems including ADFS, Shibboleth 2.0, WS-Federation, and PingIdentity.
You must map Email Address, Given Name, Display Name, Member Of, and Surname for successful authentication.
Yes, MFA setup is available as part of the ADFS wizard during relying party trust configuration.

Get in touch

If you’re having trouble finding the right topics or videos, just reach out! Our team - Akhil photoDaniel photoJalaj photo Akhil, Daniel, Jalaj, or any of us at ClickView - will be happy to help you get sorted.

Give feedback

Was this guide helpful?

Up Next

How to set up Okta SAML SSO with ClickView

This article explains how to configure a SAML 2.0 application in Okta for use with ClickView and submit the required metadata so the SSO instance can be set up.