Installing ADFS 2.0:
- Download and execute ADFSSetup.exe.
- Click Next.

- Accept the License Agreement, then click Next.

- Select Federation Server, then click Next.

- Click Next.

- Unselect the checkbox Start the ADFS 2.0... then click Finish.

- Open the ADFS installation directory (for example, C:\Program Files\Active Directory Federation Services 2.0), then edit the file named Microsoft.IdentityServer.ServiceHost.exe.config using WordPad.

- Insert a line, as seen below. Save the file and exit WordPad.

- Double-click FsConfigWizard.exe.

- Select Create a new Federation Service, then click Next.

- Select Stand-alone Federation server, then click Next.

- The Federation service name will be shown by default, based on the SSL Certificate installed on the IIS Server. Click Next.

- If the Delete database option is shown, select it, then click Next.

- Click Next. The wizard will complete the configuration as shown below.


Running the PowerShell Script for configuring ADFS 2.0
The PowerShell script for configuring ADFS 2.0 can be downloaded from https://www.zoho.com/vault/20616/adfsscript.ps1.
- Save the adfsscript.ps1 file in the C:\ drive of the ADFS installation system.
- Right-click Command Prompt in the Start menu, then click Run as Administrator.

- Type the following commands:
  - powershell
  - Set-ExecutionPolicy RemoteSigned
  - C:\adfsscript.ps1
- Any errors encountered while running the script will be printed in red. Rectify the errors to run the PowerShell script successfully.
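
An added example (not part of the original guide and not Zoho's script): because the downloaded script runs with administrator rights, the following PowerShell records its hash, checks its Authenticode signature and download mark, lists the commands it calls, and only then runs it with the execution policy changed for the current session instead of machine-wide. It assumes PowerShell 4.0 or later; the variable names are illustrative.

```powershell
# Added example: review C:\adfsscript.ps1 before running it as Administrator.
# Assumption: PowerShell 4.0 or later (Get-FileHash, Get-Item -Stream, AST parser).
$ScriptPath = 'C:\adfsscript.ps1'   # location used in the steps above

if (-not (Test-Path -LiteralPath $ScriptPath)) {
    throw "Script not found: $ScriptPath"
}

# 1. Record a hash so the file that was reviewed can be tied to the file that ran.
$hash = Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256
"SHA256     : $($hash.Hash)"

# 2. Authenticode status. Under RemoteSigned, a script that still carries the
#    internet download mark runs only when it is signed by a trusted publisher.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
"Signature  : $($sig.Status)"
if ($sig.SignerCertificate) {
    "Signer     : $($sig.SignerCertificate.Subject)"
}

# 3. Download mark: browsers attach a Zone.Identifier stream to saved files.
$mark = Get-Item -LiteralPath $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
"Zone mark  : $([bool]$mark)"

# 4. Parse (do not execute) the script and summarise the commands it invokes,
#    so the reviewer can see what it will change on the federation server.
$tokens = $null
$parseErrors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile(
    $ScriptPath, [ref]$tokens, [ref]$parseErrors)
if ($parseErrors.Count -gt 0) {
    Write-Warning "Script has $($parseErrors.Count) parse error(s)."
}
$ast.FindAll({ param($node)
        $node -is [System.Management.Automation.Language.CommandAst] }, $true) |
    ForEach-Object { $_.GetCommandName() } |
    Where-Object { $_ } |
    Group-Object |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 5. Run only after review, with the policy scoped to this session so the
#    machine-wide execution policy is left unchanged.
if ((Read-Host 'Run the script now? (y/n)') -eq 'y') {
    Set-ExecutionPolicy RemoteSigned -Scope Process -Force
    & $ScriptPath
}
```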
After running the PowerShell script:
- Log in to Zoho Vault as a super admin.
- Select the Settings tab, then click AD/LDAP integration from the Integrations section.

- Select SAML Configuration to configure the Login URL, Logout URL, Certificate (saved at C:\certificate.cer), and the Algorithm details.

Disabling SAML Authentication
To disable the SAML authentication:
- Log in to Zoho Vault as a super admin.
- Select the Settings tab, then click AD/LDAP integration from the Integrations section.

- Select SAML Configuration, then click Disable.
Note: While importing users using the Provisioning App, you will need to set up a default password. Your users can log in to Zoho Vault with this default password. If you plan to disable SAML authentication and authenticate through Zoho instead, or if your users forget the default password, they can click Forgot Password on the login page to receive an email with details to set up a new password.
Authenticating external users
External authentication is possible only if the AD FS login URL is configured to be accessible from the internet. Because SAML authentication works through browser-based redirection, you will be redirected to a system in your intranet while authenticating.