Adding a New Account Partner

Applies To: Windows Server 2003 R2

You can use the New Account Partner wizard to add an account partner to the resource Federation Service in Active Directory Federation Services (ADFS). This wizard allows you to create an account partner that requires manual configuration of the trust policy or imports an existing policy file that is provided (exported) by an existing federation server in the account partner, as follows:

• Manually configure the trust policy: If the corresponding account partner organization has not installed ADFS yet or does not plan to provide you with an exported policy file, create the account partner to use the values that you provide. To do so, you must have the following information about the account partner Federation Service:

  • Display name: The name of the account partner Federation Service. This name appears in the list of realms that is presented to clients that request access to a Web site that is protected by ADFS authentication and authorization.

  • Federation Service Uniform Resource Identifier (URI): Uniquely identifies the Federation Service, and identifies this server as a member of the account Federation Service, in the form **urn:federation:**OrganizationName.

  • Federation Service endpoint Uniform Resource Locator (URL): The URL that will be used by clients to access a Web server in this Federation Service, in the form https://FullyQualifiedDomainName/adfs/ls/. If a federation server proxy is installed, the fully qualified domain name should be the host name of the federation server proxy. If no federation server proxy is installed, the fully qualified domain name should be the name you are using to represent federation servers in the account Federation Service.

• Import a trust policy file: When you import a policy file when creating an account partner, the properties of the new account partner are automatically entered in the trust policy by the New Account Partner wizard. This information is derived from the account Federation Service trust policy file, thereby eliminating configuration errors. To import a policy file, the account partner must have exported its generic policy file or partner policy file and provided you with the file or its shared location.

Task requirements

You need the following to perform the procedures for this task:

• Active Directory Federation Services snap-in running on a federation server.

To complete this task, perform the following procedures, as needed:

• Add a new account partner by manually configuring the trust policy

• Export an account or resource policy file to a partner organization

• Add a new account partner by importing an existing policy file

See Also

Concepts

Adding a New Resource Partner