Web-based central authentication

ADFS (Active Directory Federation Service) provides users with single sign-on access to systems and applications and uses claims-based authentication.

Who can use this service:

The following groups can request single sign-on authentication using ADFS (https://uwaterloo.ca/faculties-academics):

  • A faculty
  • An official school 
  • An affiliated and federated institution of the University of Waterloo
  • Research centers and institutes
  • Research groups, as defined by the Senate Graduate & Research Council
  • Student Societies, as listed by Waterloo Undergraduate Student Association (WUSA)
  • WUSA
    • Clubs must be listed as an official club on the WUSA club listing or their respective Student Society homepage as defined

Required information:

  1. The URL for the application Metadata file or the file itself.
  2. The claims required to be passed to the application.

Common claims that can be requested for use by applications using ADFS, others are available if not listed below:

  • Group
  • emailaddress
  • surname
  • givenname
  • samaccountname
  • EmployeeID
  • StudentID
  • UPN

ADFS information required for the application:


  • IdP Entity ID: adfs.uwaterloo.ca
  • URL for IdP metadata: 



  • IdP Entity ID: adfstest.uwaterloo.ca
  • URL for IdP metadata:​​​


Note: ADFS can also be used to limit access to an application based on an active directory group or set of groups.

How to request this service:

Support for this service:

Complete the web form at https://uwaterloo.ca/request-tracking-system/adfs-request.

For more information on the XML template or Apache set up, please view this knowledge base article. 


No cost.


EC2 - East Campus 2
200 University Ave West