Bypass SSO to login automatically with ADFS authentication

Enabling Windows authentication for Symphony from Active Directory Federation Services (ADFS) allows you the ability to pass Windows credentials to single sign-on (SSO) for the Symphony app within your intranet.

Allow users to bypass SSO to login automatically with ADFS authentication by following these steps:

1. From Server Manager, select Tools and then select ADFS Management.

2. From the ADFS snap-in, select Authentication Policies (Figure 1):


Figure 1 Authentication Policies

3. In the Primary Authentication section, select Edit next to Global Settings (Figure 2): 


Figure 2 Edit

Note: You can also right select Authentication Policies then Edit Global Primary Authentication or under the Actions pane, select Edit Global Primary Authentication.

4. In the Edit Global Authentication Policy window, select the Primary tab.

5. Enable the following checkboxes and select OK (Figure 3):


Figure 3 Edit Global Authentication Policy

6. Add Chrome as an agent in WIASupportedUserAgents.

7. Add a user agent string for Chrome in the ADFS configuration (Figure 4):

Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + “Chrome”)

Figure 4 Command

8. Confirm the user agent string for Chrome is now set in the ADFS properties (Figure 5 and Figure 6):

Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents

Figure 5 Command


Figure 6 Command

9. Add the domains to be whitelisted from the Symphony client to bypass the SSO authentication. To enable this, set the following variables to the necessary SSO URL under the customFlags configuration in the Symphony configuration file (Figure 7):

  • authServerWhitelist.
  • authNegotiateDelegateWhitelist.


Figure 7 customFlags

Note: Where companyabc is the name of your pod.

For example, if your app is installed in C:\Program Files\Symphony, you will need to edit the Symphony.config file under the config sub-directory.

Additionally, you will need to set authServerWhitelist and authNegotiateDelegateWhitelist to the necessary SSO URL, for example: 

Note: Where companyabc is the name of your pod.

If you require further assistance with bypassing SSO to login automatically with ADFS authentication, please contact the Symphony Support team at