Create an Outgoing Group Claim or Custom Claim Mapping

Applies To: Windows Server 2008

In Active Directory Federation Services (AD FS), an organization claim (group or custom) in the account Federation Service must be mapped to an outgoing claim, which the resource Federation Service will receive when an account organization user requests access to a resource. On the resource federation server, this claim is received as an incoming claim, which is likewise configured to map to a local organization claim. The resource Federation Service then uses the local organization claim to make authorization decisions.

Perform this procedure on an account federation server. To perform this procedure, you must have created an organization group claim or custom claim to which you can map the outgoing claim.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To create an outgoing group claim or custom claim mapping

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, double-click Resource Partners, right-click the resource partner, point to New, and then click one of the following:

    If you are mapping a group claim, click Outgoing Group Claim Mapping, and then create the mapping as follows:

    1. In the Create a New Outgoing Group Claim Mapping dialog box, in Organization group claims, select the group claim in the account organization that you want to map to the outgoing claim.

    2. In Outgoing group claim name, type the name of the outgoing group claim that you want to send to the resource partner, and then click OK.

    If you are mapping a custom claim, click Outgoing Custom Claim Mapping, and then create the mapping as follows:

    1. In the Create a New Outgoing Custom Claim Mapping dialog box, in Organization custom claims, select the custom claim in the account organization that you want to map to the outgoing claim.

    2. In Outgoing custom claim name, type the name of the outgoing custom claim that you want to send to the resource partner, and then click OK.
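The mapping chain that this procedure sets up, from organization claim to outgoing claim to incoming claim to the resource partner's local organization claim, is modeled below as an added example; it is not Microsoft code and does not call any AD FS API. All claim names and function names are constructed, and the model assumes that claim names are compared as exact strings and that a claim without a mapping is not passed on.

```python
"""Model of the two-hop claim mapping between an account and a resource partner."""

def map_outgoing(org_claims, outgoing_map):
    """Account side: only organization claims with an outgoing mapping are sent."""
    return {outgoing_map[c] for c in org_claims if c in outgoing_map}

def map_incoming(incoming_claims, incoming_map):
    """Resource side: incoming claim names are translated to local organization claims."""
    return {incoming_map[c] for c in incoming_claims if c in incoming_map}

def audit(outgoing_map, incoming_map):
    """Compare both partners' tables and report names that do not line up."""
    sent = set(outgoing_map.values())
    expected = set(incoming_map)
    return {
        "sent_but_unmapped_at_resource": sorted(sent - expected),
        "expected_but_never_sent": sorted(expected - sent),
    }

# Constructed sample: organization claim -> outgoing claim name (account partner).
ACCOUNT_OUTGOING = {
    "Finance Staff": "PartnerFinance",
    "Purchasing Agents": "PartnerPurchasers",
}
# Constructed sample: incoming claim name -> local organization claim (resource partner).
RESOURCE_INCOMING = {
    "PartnerFinance": "Ledger Readers",
    "Partnerpurchasers": "Order Approvers",  # differs in case from the name sent
}

def effective_claims(user_org_claims):
    """Local organization claims the resource side ends up authorizing on."""
    outgoing = map_outgoing(user_org_claims, ACCOUNT_OUTGOING)
    return map_incoming(outgoing, RESOURCE_INCOMING)

if __name__ == "__main__":
    user = {"Finance Staff", "Purchasing Agents", "IT Admins"}
    print("effective:", sorted(effective_claims(user)))
    print("audit:", audit(ACCOUNT_OUTGOING, RESOURCE_INCOMING))
```

In this model the user keeps only the Finance mapping: "IT Admins" has no outgoing mapping, and the purchasing claim is lost because the two partners typed different names, which is the kind of gap worth checking for when both sides exchange their mapping lists.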

Additional references

Create an Organization Group Claim or Custom Claim