Create an incoming custom claim mapping
Updated: September 13, 2007
Applies To: Windows Server 2003 R2
In Active Directory Federation Services (ADFS), an organization custom claim maps to a user attribute. Incoming custom claim mappings are used in the resource Federation Service to map custom claims that are sent by an account partner to claims that can be used by the resource partner to make authorization decisions.
For example, an account partner might send a security token for a user that contains the custom claim EmployeeID, which maps to a user attribute in the account partner directory database. Because the resource partner cannot make authorization decisions based on the account user's EmployeeID attribute value, an incoming custom claim mapping is used to map the custom organization claim EmployeeID, which is recognized in the account partner, to the organization claim CustomerID, which is recognized in the resource partner.
Perform this procedure on a federation server in the resource Federation Service. To complete this procedure, you must have created an organization custom claim to which you can map the incoming claim.
To complete this procedure, you must be a member of the Administrators group on the local computer.
To create an incoming custom claim mapping
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, double-click Account Partners, right-click your account partner, click New, and then click Incoming Custom Claim Mapping.
In the Create a New Incoming Custom Claim Mapping dialog box, in Incoming custom claim name, type the name of the custom claim that your account partner sends to you.
In Organization custom claim, select the custom claim that you will use in your organization to map the incoming custom claim to, and then click OK.