I have a client who has implemented ArcGIS Enterprise 10.6.1 with Active Directory integrated named users. The Web Adaptor with Windows Authentication is placed in front of the Portal to provide automated log-in experience.
The client now wants to use ADFS as a SAML-compliant identity provider. However, the client wants to retain an IWA-like user experience, that is, all domain users logged in automatically when accessing the Portal. My understanding is that with ADFS, users will still need to provide their domain username and password on the Enterprise Log-in page. This is not a true Single Sign-On experience, rather a Same Sign-On experience. Is there a way to achieve automated log-ins with ADFS? Does it require some configuration at the ADFS level?
From memory, the solution was to create a URL rewrite rule in IIS which redirects the user to ADFS, initiates login, then sends them back to Portal. So instead of accessing Portal via maps.example.com/portal, they navigate to maps.example.com (the rule applies at IIS root) and after a series of redirects they end up authenticated at maps.example.com/portal/home.
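As an added illustration (not the answerer's own rule), here is what such an IIS URL Rewrite rule could look like in the web.config at the site root. It assumes the hostnames maps.example.com and adfs.example.com, that the ADFS IdP-initiated sign-on page is enabled, and that `YOUR-PORTAL-RELYING-PARTY-ID` is replaced with the relying party identifier registered for the Portal in ADFS; those values are placeholders, not taken from the question.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Only the bare site root ("/") is matched, so the Portal's own
             /portal/... paths, including its SAML assertion consumer
             endpoint, are never touched by this rule. -->
        <rule name="Root to ADFS IdP-initiated sign-on" stopProcessing="true">
          <match url="^$" />
          <conditions>
            <!-- Redirect only on HTTPS; plain HTTP should already be
                 redirected to HTTPS by a separate site-level rule. -->
            <add input="{HTTPS}" pattern="^on$" />
          </conditions>
          <!-- loginToRp tells ADFS which relying party (the Portal) the
               user is signing in to. With ADFS configured for Windows
               Integrated Authentication on the intranet, domain users are
               not prompted; ADFS then POSTs the SAML response to the
               Portal, which lands the user at /portal/home. -->
          <action type="Redirect"
                  url="https://adfs.example.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=YOUR-PORTAL-RELYING-PARTY-ID"
                  redirectType="Found"
                  appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The IdP-initiated sign-on page is disabled by default on recent ADFS versions and has to be enabled (`Set-AdfsProperties -EnableIdpInitiatedSignonPage $true`), and the relying party identifier in `loginToRp` must match exactly what was registered for the Portal, otherwise ADFS shows its generic sign-on page instead of completing the login.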