Permitting or Denying Users Based on an Incoming Claim

Applies To: Active Directory Federation Services (AD FS) 2.0

Using the Permit or Deny Users Based on an Incoming Claim rule template, you can permit or deny access by users to the relying party based on the type and value of an incoming claim.

For example, you can use this rule template to create a rule that will permit only users that have a group claim with a value of "Domain Admins". If you want to permit all users to access the relying party, use the Permitting All Users rule template. Users who are permitted to access the relying party from the Federation Service may still be denied service by the relying party.

You can find incoming claims in the input claim set of the rules. For more information about the input claim set of the rules, see Using Claim Rules for Issuing Claims.
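The following is an added example, not part of the original documentation: it shows the claim rule language that corresponds to a permit rule for the "Domain Admins" group claim described above, next to a deny rule of the same shape, and applies both to a relying party trust with the AD FS 2.0 PowerShell snap-in. The relying party name "Contoso App" and the "Contractors" group value are hypothetical.

```powershell
# Added example; not code from the AD FS documentation.
# Assumptions: a relying party trust named "Contoso App" exists and a
# "Contractors" group is sent as a group claim (both names are hypothetical).
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName = "Contoso App"

# Each rule matches on the type and value of an incoming claim and issues
# either a permit or a deny authorization claim.
$rules = @'
@RuleName = "Permit Domain Admins"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Domain Admins"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");

@RuleName = "Deny Contractors"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Contractors"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUsersWithClaim");
'@

# Record the current authorization rules so the change can be reviewed or rolled back.
$before = (Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
Write-Host "Issuance authorization rules before the change:"
Write-Host $before

# -IssuanceAuthorizationRules replaces the whole rule set, so a permit-all rule
# left over from the trust wizard is removed by this call.
Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $rules

# Read the rules back to confirm what the Federation Service now enforces.
Write-Host "Issuance authorization rules after the change:"
Write-Host (Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

A user who matches both rules is denied, because a deny authorization claim takes precedence over a permit claim.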

See Also

Other Resources

When to Use an Authorization Claim Rule
Create a Rule to Permit or Deny Users Based on an Incoming Claim
Determine the Type of Claim Rule Template to Use
The Role of Claim Rules