Checklist: Configuring the resource partner organization

Applies To: Windows Server 2003 R2

This checklist includes the tasks that are necessary for deploying Active Directory Federation Services (ADFS) in the resource partner organization. It also includes tasks for configuring the components that are required to establish one half of a federation partnership.

If you are deploying a Web SSO design, you do not have to follow this checklist. However, you do have to complete the tasks in this checklist to successfully deploy a Federated Web SSO design or Federated Web SSO with Forest Trust design.

Important

Make sure that the administrator of the account partner organization follows the guidance in Checklist: Configuring the account partner organization, so that all necessary deployment tasks are completed to successfully create the second half of the federation partnership.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist: Configuring the resource partner organization

[ ] Based on your deployment goals, review information about the components that are required to provide users with access to the federated applications that you host in your organization.
    References:
    - Provide federated access for your hosted applications (conceptual topic)
    - Provide single-sign-on access for customers to your hosted applications (conceptual topic)

[ ] Determine which ADFS design this resource partner organization will be associated with.
    References:
    - Web SSO design (conceptual topic)
    - Federated Web SSO design (conceptual topic)
    - Federated Web SSO with Forest Trust design (conceptual topic)

[ ] Review the different application types, and decide which application to deploy.
    References:
    - Identify the type of federated application to deploy (conceptual topic)
    - Checklist: Installing a claims-aware application (checklist topic)
    - Checklist: Installing a Windows NT token-based application (checklist topic)

[ ] To plan and implement the physical topology for the resource partner deployment, determine whether your ADFS design requires one or more federation servers, federation server proxies, or ADFS-enabled Web servers.
    References:
    - Checklist: Installing a federation server (checklist topic)
    - Checklist: Installing a federation server proxy (checklist topic)
    - Checklist: Installing an ADFS-enabled Web server (checklist topic)

[ ] After the first federation server is deployed in the resource partner organization, configure the trust policy. You can do this manually or by importing a policy file that the administrator of the account partner organization provides to you.
    References:
    - Add a new account partner by manually configuring the trust policy
    - Add a new account partner by importing an existing policy file

[ ] Create the organization group claims or custom claims in the Federation Service that incoming claims will be associated with.
    References:
    - Create an organization group or custom claim (procedure topic)

[ ] Create incoming claim mappings for each account partner in the Federation Service so that incoming claims are mapped to organization claims in the resource partner.
    References:
    - Create an incoming group claim mapping (procedure topic)
    - Create an incoming custom claim mapping (procedure topic)

[ ] Determine whether you need an account store. If you need an account store in the resource partner organization, create the appropriate group claim mappings to map an organization claim to an Active Directory group.
    References:
    - Add an Active Directory account store
    - Add an ADAM account store
    - Map an organization group claim to an Active Directory group (group claim extraction)
    - Map an organization group claim to an ADAM attribute and value (group claim extraction)
    - Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction)
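The following Python is an added illustration for this page, not ADFS code and not one of the referenced procedures. It models the two mapping stages that the claim-mapping tasks above describe: incoming claim mappings held per account partner, then group claim extraction from organization group claims to Active Directory groups in the resource partner's account store. The partner URIs, claim names and group names are constructed sample data. The point it makes explicit is that a mapping table is keyed by the account partner that sent the claim, so a claim name that one partner is allowed to assert is not honored when a different partner sends it, and any incoming claim with no mapping is dropped rather than passed through.

```python
# Added illustration of resource-partner claim mapping (simplified model,
# not ADFS code). All URIs, claim names and group names are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Claim:
    kind: str                     # "group" or "custom"
    name: str                     # group name, or custom claim type
    value: Optional[str] = None   # custom claims carry a value


# Stage 1: incoming claim mappings, keyed by the account partner's
# Federation Service URI so one partner's mapping never applies to another.
# (constructed sample data)
INCOMING_MAPPINGS = {
    "urn:federation:adatum": {                       # account partner A
        ("group", "Purchasers"): ("group", "Purchasing"),
        ("custom", "EmployeeId"): ("custom", "PartnerEmployeeId"),
    },
    "urn:federation:trey": {                         # account partner B
        ("group", "Researchers"): ("group", "Research"),
    },
}

# Stage 2: group claim extraction, organization group claim -> AD group
# in the resource partner's account store. (constructed sample data)
GROUP_EXTRACTIONS = {
    "Purchasing": "RES\\Purchasing-Users",
    "Research": "RES\\Research-Users",
}


def map_incoming(partner_uri, incoming):
    """Apply the incoming claim mappings for one account partner.

    Returns (organization_claims, dropped_claims). Claims from an unknown
    partner, or claims with no mapping for that partner, are dropped.
    """
    table = INCOMING_MAPPINGS.get(partner_uri)
    if table is None:
        return [], list(incoming)
    mapped, dropped = [], []
    for claim in incoming:
        target = table.get((claim.kind, claim.name))
        if target is None:
            dropped.append(claim)
            continue
        kind, name = target
        # Custom claims keep their value; group claims carry none.
        mapped.append(Claim(kind, name, claim.value if kind == "custom" else None))
    return mapped, dropped


def extract_groups(org_claims):
    """Map organization group claims to AD groups (group claim extraction).

    Organization claims without an extraction entry yield no group.
    """
    return sorted({GROUP_EXTRACTIONS[c.name] for c in org_claims
                   if c.kind == "group" and c.name in GROUP_EXTRACTIONS})


if __name__ == "__main__":
    # Partner A asserts one of its own groups, one of partner B's groups
    # and a custom claim; only the claims mapped for partner A survive.
    token = [Claim("group", "Purchasers"),
             Claim("group", "Researchers"),
             Claim("custom", "EmployeeId", "4711")]
    org, dropped = map_incoming("urn:federation:adatum", token)
    print("organization claims:", org)
    print("dropped:", dropped)
    print("AD groups:", extract_groups(org))
```

Run it as a script to see the split between honored and dropped claims for the constructed token; the `map_incoming` and `extract_groups` functions return their results so they can also be called directly.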

[ ] If you are deploying the Federated Web SSO with Forest Trust design, have the administrator for the account partner organization configure the Federation Service for Windows trust.
    References:
    - When to enable Windows trusts (conceptual topic)
    - Configure an account partner to use Windows trust