Make sure to read System Requirements prior to proceeding.
SystoLOCK provides two modules for AD FS integration: AD FS Adapter and AD FS Identity Provider. They differ in how they handle SAML and in which AD FS releases they are compatible with. AD FS Adapter only works on Windows Server 2019 and up, while the Identity Provider is also compatible with earlier versions of AD FS, but relies on IIS being installed.
Also, if you plan to use applications with compartmentalized logins that require a specific authentication context, such as Microsoft Office 365 Apps for mobile and Windows and similar, AD FS Adapter is most likely not the right choice and you should go for the Identity Provider.
You can install both AD FS Adapter and AD FS Identity Provider on the same machine and control which one is used via AD FS policies.
Administrators group
Both packages require configuration and fine-tuning after installation.
The installer adds SystoLOCK to both Internet and Intranet groups of policies on the AD FS server and opens the AD FS management console upon completion:
Please review the primary extranet and intranet authentication settings and change them according to your requirements. Restart the AD FS service after making any changes to the policies.
C:\Program Files\Systola\SystoLOCK\Identity Provider\Scripts
ls Cert:\LocalMachine\My
.\Install-SystoLockIdp.ps1 -DefaultSite -InstallInRoot -SigningCertificate <Thumbprint from above> -WebFQDN <FQDN from above>
Get-Help .\Install-SystoLockIdp.ps1
to learn about the different options and their usage and also how to install into other sites and paths.
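
The certificate lookup step above, expanded into an added example (not part of the SystoLOCK documentation or scripts): it shortlists certificates in `Cert:\LocalMachine\My` whose thumbprint could be passed to `-SigningCertificate`. The selection criteria (private key present, currently valid, Digital Signature key usage allowed) are assumptions about what a SAML signing certificate needs, not requirements stated on this page.

```powershell
# Added example: review candidates for the -SigningCertificate argument.
# The criteria below are assumptions, not documented SystoLOCK requirements.

$now = Get-Date
$digitalSignature = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

$candidates = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # The Key Usage extension is optional; when it is absent, usage is unrestricted.
    $kuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
        Select-Object -First 1
    $canSign = (-not $kuExt) -or (($kuExt.KeyUsages -band $digitalSignature) -ne 0)

    $isCurrent = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        DaysLeft      = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        HasPrivateKey = $cert.HasPrivateKey   # signing is impossible without it
        CanSign       = $canSign
        Usable        = $cert.HasPrivateKey -and $canSign -and $isCurrent
    }
}

# Usable certificates first, longest remaining lifetime at the top.
$candidates |
    Sort-Object -Property Usable, DaysLeft -Descending |
    Format-Table -AutoSize

# Copy the chosen Thumbprint into the installer call shown on this page:
# .\Install-SystoLockIdp.ps1 -DefaultSite -InstallInRoot -SigningCertificate <Thumbprint> -WebFQDN <FQDN>
```

A certificate with few `DaysLeft` will need to be replaced soon, so relying parties that pin the signing certificate would have to be updated again shortly after installation.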