Export (0) Print
Expand All
Expand Minimize

Checklist: Configuring the resource partner organization

Updated: December 15, 2006

Applies To: Windows Server 2003 R2

This checklist includes the tasks that are necessary for deploying Active Directory Federation Services (ADFS) in the resource partner organization. It also includes tasks for configuring the components that are required to establish one-half of a federation partnership.

If you are deploying a Web SSO design, you do not have to follow this checklist. However, you do have to complete the tasks in this checklist to successfully deploy a Federated Web SSO design or Federated Web SSO with Forest Trust design.

ImportantImportant
Make sure that the administrator of the account partner organization follows the guidance in Checklist: Configuring the account partner organization to ensure that all necessary deployment tasks will be completed to successfully create the second half of the federation partnership

noteNote
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist Checklist: Configuring the resource partner organization

 

  Task Reference
Checkbox

Based on your deployment goals, review information about the components that are required to provide users with access to the federated applications that you host in your organization.

Conceptual topic Provide federated access for your hosted applications

Conceptual topic Provide single-sign-on access for customers to your hosted applications

Checkbox

Determine which ADFS design this resource partner organization will be associated with.

Conceptual topic Web SSO design

Conceptual topic Federated Web SSO design

Conceptual topic Federated Web SSO with Forest Trust design

Checkbox

Review the different application types, and decide which application to deploy.

Conceptual topic Identify the type of federated application to deploy

Checklist topic Checklist: Installing a claims-aware application

Checklist topic Checklist: Installing a Windows NT token-based application

Checkbox

To effectively plan and implement the physical topology for the resource partner deployment, you determine whether your ADFS design requires one or more federation servers, federation server proxies, or ADFS-enabled Web servers.

Checklist topic Checklist: Installing a federation server

Checklist topic Checklist: Installing a federation server proxy

Checklist topic Checklist: Installing an ADFS-enabled Web server

Checkbox

After the first federation server is deployed in the resource partner organization, you configure the trust policy. You can do this manually or through a policy file that is provided to you by the administrator of the account partner organization.

Add a new account partner by manually configuring the trust policy

Add a new account partner by importing an existing policy file

Checkbox

Incoming claims must be associated with organization group claims or custom claims in the Federation Service.

Procedure topic Create an organization group or custom claim

Checkbox

The resource partner organization will have to create incoming claim mappings for each account partner in the Federation Service so that incoming claims will be mapped to organizational claims in the resource partner.

Procedure topic Create an incoming group claim mapping

Procedure topic Create an incoming custom claim mapping

Checkbox

Determine if you need an account store. If you need an account store in the resource partner organization, create the appropriate group claim mappings to map an organization claim to an Active Directory group.

Add an Active Directory account store

Add an ADAM account store

Map an organization group claim to an Active Directory group (group claim extraction)

Map an organization group claim to an ADAM attribute and value (group claim extraction)

Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction)

Checkbox

If you are deploying the Federation Web SSO with Forest Trust design, have the administrator for the account partner organization configure the Federation Service for Windows trust.

Conceptual topic When to enable Windows trusts

Configure an account partner to use Windows trust

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft