
# Active Directory as an OAuth 2.0 External Identity Provider

> Configure Active Directory Federation Services (AD FS) as an OAuth 2.0 External Identity Provider for your ABBYY Vantage tenant.

## Prerequisites

* Active Directory Federation Services (AD FS) must be installed.
* A user group must be created in Active Directory. This group is used to manage the list of users permitted to access Vantage.
* Create a Redirect URI to receive the authentication responses. The URI is: \
  `https://<your-vantage-url>/auth2/signin-oidc`

## Setup

To set up Active Directory via the AD FS management console, follow these steps:

<Steps>
  <Step title="Open the management console">
    Open the AD FS management console.
  </Step>

  <Step title="Add a new application group">
    Add a new application group and select the **Web browser accessing a web application** template.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_1.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=9c4fee4780e2ed659d58c4b3b2a77c70" alt="AD FS Add Application Group wizard with Web browser accessing a web application template selected" style={{ width:"68%" }} width="716" height="582" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_1.png" />
    </Frame>
  </Step>

  <Step title="Configure the Native Application">
    In the **Native Application** tab, enter your Redirect URI and save the generated Client Identifier — you'll need it later. You can also view it again in the application group properties.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_2.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=9a5a8f7578b4abf728c10cbb7c8e51c3" alt="AD FS Native Application tab with Redirect URI and Client Identifier fields" style={{ width:"68%" }} width="716" height="582" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_2.png" />
    </Frame>
  </Step>

  <Step title="Apply an Access Control Policy">
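    In the **Apply Access Control Policy** tab, select a user group to grant access to Vantage. Leave the default value of **Allow everyone** if you don't want to restrict access yet. With that default, AD FS issues tokens for this application to any user it can authenticate, not only members of the Vantage group.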

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_3.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=d5accd0c43f3a1e4c579a11f2a8b3dd2" alt="AD FS Apply Access Control Policy tab with user group selection for Vantage access" style={{ width:"77%" }} width="716" height="582" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_3.png" />
    </Frame>
  </Step>

  <Step title="Skip the Summary and Complete tabs">
    The **Summary** and **Complete** tabs aren't required to set up Active Directory. Navigate through them and click **Close**.
  </Step>

  <Step title="Save the Application ID">
    Open the properties of the application group you created. You can also manage the Redirect URI and Client ID via **Server application Properties**. For advanced settings, use **Web application Properties**; this is also where you'll find the **Application ID**. Save it, since it's required later in the setup.
  </Step>

  <Step title="Add a Transform Claim Rule">
    In the **Add Transform Claim Rule** dialog, add a claim rule that ensures the email address and name are included in the token.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_4.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=bf8b71db7ac51b7f5eee4412097376f1" alt="AD FS Add Transform Claim Rule dialog for emitting email and name claims in the OAuth 2.0 token" style={{ width:"78%" }} width="718" height="583" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_4.png" />
    </Frame>
  </Step>

  <Step title="Configure the Claim Rule">
    In the **Configure Claim Rule** tab, select **Active Directory** in **Attribute Store**.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_5.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=5b13bfc1fb91fc3a24ef0da545e81dc4" alt="AD FS Configure Claim Rule tab with Active Directory selected as the attribute store" style={{ width:"72%" }} width="716" height="582" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_5.png" />
    </Frame>
  </Step>

  <Step title="Set Client Permissions">
    In the **Web application Properties** dialog, open the **Client Permissions** tab, select the **openid** and **profile** scopes, then click **Apply**.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_6.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=e2f82f8f2a60733b937b051e75862d2a" alt="AD FS Web Application Properties Client Permissions tab with openid and profile scopes selected" style={{ width:"69%" }} width="486" height="543" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_activedirectory_6.png" />
    </Frame>
  </Step>
</Steps>
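
To confirm what the wizard produced, the following read-only PowerShell check reads the application group back with the AD FS cmdlets and lists any deviation from the steps above. It is an added example, not a script from ABBYY or Microsoft. The group name `Vantage` is an assumption, the redirect URI placeholder must be replaced with your real Vantage URL, and matching the policy name on "everyone" is a heuristic.

```powershell
# Added example: read-only audit of the application group created in the steps above.
# Run on the AD FS server. $GroupName is an assumed name; use the one you chose.
$GroupName   = 'Vantage'
$RedirectUri = 'https://<your-vantage-url>/auth2/signin-oidc'   # replace the placeholder
$Expected    = 'openid', 'profile'

$group    = Get-AdfsApplicationGroup -Name $GroupName
$native   = Get-AdfsNativeClientApplication -ApplicationGroupIdentifier $group.ApplicationGroupIdentifier
$webApi   = Get-AdfsWebApiApplication -ApplicationGroupIdentifier $group.ApplicationGroupIdentifier
$findings = @()

# Native application: only the Vantage sign-in endpoint should be registered.
if ($native.RedirectUri -notcontains $RedirectUri) {
    $findings += "Redirect URI $RedirectUri is not registered."
}
$extraUris = @($native.RedirectUri | Where-Object { $_ -ne $RedirectUri })
if ($extraUris.Count -gt 0) {
    $findings += "Additional redirect URIs registered: $($extraUris -join ', ')"
}

# Access control policy: flag a policy that still admits every authenticated user.
if ($webApi.AccessControlPolicyName -match 'everyone') {
    $findings += "Access control policy '$($webApi.AccessControlPolicyName)' does not restrict access to a group."
}

# Claim rule: the transform rules should read attributes from the Active Directory store.
if ($webApi.IssuanceTransformRules -notmatch 'store\s*=\s*"Active Directory"') {
    $findings += 'No issuance transform rule reads from the Active Directory attribute store.'
}

# Client permissions: the granted scopes should be exactly openid and profile.
$granted = @(Get-AdfsApplicationPermission |
    Where-Object { $_.ClientRoleIdentifier -eq $native.Identifier } |
    ForEach-Object { $_.ScopeNames } | Sort-Object -Unique)
$missing = @($Expected | Where-Object { $granted -notcontains $_ })
$surplus = @($granted  | Where-Object { $Expected -notcontains $_ })
if ($missing.Count -gt 0) { $findings += "Missing scopes: $($missing -join ', ')" }
if ($surplus.Count -gt 0) { $findings += "Scopes beyond openid/profile: $($surplus -join ', ')" }

if ($findings.Count -eq 0) {
    "OK: '$GroupName' matches the documented setup."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```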

## Next steps

Once AD FS is configured, connect it to your Vantage tenant. You'll need:

* The **Application (Client) ID** (from step 6 above).
* The AD FS URL in the format `https://<full-computer-name>/adfs`. The **Full computer name** is in the machine's system settings — for example, `https://adfs.platform.local/adfs`.

For the Vantage-side setup, see [Setting up an External Identity Provider for a tenant](/vantage/documentation/tenant-admin/tenant-management/configuring-tenant).

## Related topics

<CardGroup cols={2}>
  <Card title="Configuring an OAuth 2.0 External Identity Provider" icon="key" href="/vantage/documentation/tenant-admin/tenant-management/oauth-2-0">
    Overview of OAuth 2.0 setup for AD FS or Azure AD
  </Card>

  <Card title="Azure Active Directory as an OAuth 2.0 External Identity Provider" icon="cloud" href="/vantage/documentation/tenant-admin/tenant-management/oauth-2-0-azure-active-directory">
    Configure Azure AD instead of on-premises AD FS
  </Card>

  <Card title="Setting up an External Identity Provider for a tenant" icon="sliders" href="/vantage/documentation/tenant-admin/tenant-management/configuring-tenant">
    Connect AD FS to your Vantage tenant
  </Card>

  <Card title="Testing external authentication" icon="vial" href="/vantage/documentation/tenant-admin/tenant-management/testing-external-auth">
    Verify the External Identity Provider before users sign in
  </Card>
</CardGroup>
