Configure Single Logout with Microsoft ADFS
Microsoft ADFS supports SAML Single Logout (SLO), so you can configure LogicalDOC to take part in it.
When a user initiates a logout, the identity provider terminates the whole identity provider session and logs the user out of every application that signed in through it. The logout can be either service provider initiated (started from LogicalDOC) or identity provider initiated (started from ADFS or another application).
Prepare LogicalDOC
- Enable the SAML Single Logout in Administration > Security > SAML Single Sign-On
- Enable the encryption of the Logout requests and responses
Click Save to confirm the configuration.
The LogicalDOC side is now complete and you can move on to the ADFS setup.
Add the Logout endpoint
- Open the ADFS Management snap-in and select AD FS > Relying Party Trusts. Right-click the LogicalDOC trust, choose Properties and open the Endpoints tab.
- Click Add SAML... to add a new endpoint of type SAML Logout. As Trusted URL enter the LogicalDOC base URL followed by the /saml/logout suffix, and as Response URL enter the LogicalDOC base URL followed by the /saml/slo suffix.
- Click OK to confirm. The new logout endpoint now appears in the Endpoints list.
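The same endpoint can be added from the ADFS PowerShell module, which is handy when the trust is managed by script or has to be reproduced on several farms. This is an added example, not part of the original page or of LogicalDOC's own tooling; the trust name "LogicalDOC", the base URL https://docs.example.com and the POST binding are assumptions and must be replaced with the values of your installation.

```powershell
# Added example: register the LogicalDOC SAML Logout endpoint on the relying party trust.
# Assumptions (not from the original page): trust name "LogicalDOC", base URL https://docs.example.com,
# POST binding for the logout exchange.
Import-Module ADFS

$rpName  = "LogicalDOC"                  # name of the relying party trust as shown in the snap-in
$baseUrl = "https://docs.example.com"    # LogicalDOC base URL, without trailing slash

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# Trusted URL  = <base>/saml/logout  (where ADFS sends the LogoutRequest)
# Response URL = <base>/saml/slo     (where ADFS sends the LogoutResponse)
$logoutEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLLogout `
    -Uri "$baseUrl/saml/logout" -ResponseUri "$baseUrl/saml/slo"

# -SamlEndpoint replaces the whole endpoint collection, so keep the endpoints already
# present (for example the assertion consumer endpoint) and only swap the logout one.
$kept = @($rp.SamlEndpoints | Where-Object { $_.Protocol -ne "SAMLLogout" })
Set-AdfsRelyingPartyTrust -TargetName $rpName -SamlEndpoint ($kept + $logoutEndpoint)

# Verify what ADFS has stored for the logout endpoint.
(Get-AdfsRelyingPartyTrust -Name $rpName).SamlEndpoints |
    Where-Object { $_.Protocol -eq "SAMLLogout" } |
    Format-Table Binding, Location, ResponseLocation -AutoSize
```

Use the binding (POST or Redirect) that LogicalDOC actually sends its logout messages with, otherwise ADFS will not match the incoming request to this endpoint. ADFS also requires service provider initiated LogoutRequests to be signed, so the certificate on the trust's Signature tab must be the one LogicalDOC signs with.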
Test the Logout
To check that everything is configured correctly:
- Log in to another application that is federated with the same ADFS
- Then open the LogicalDOC Single Sign-On login page; you should be signed in without a new prompt
- Once inside LogicalDOC, press the logout button
- Verify that you have also been logged out of the other applications in the same ADFS session