Step 4: Add new roles to the SharePoint site

Updated: May 5, 2010

Applies To: Active Directory Federation Services (AD FS) 2.0


Now we add a few new roles to the SharePoint site that will have restricted access. We add a role called DrugTrial1Admins that will have administrator access to the site. We then add another role called DrugTrial1Auditors that will have visitor access to the SharePoint site. We do this by accessing the SharePoint site as an Administrator. The Administrator account belongs to the Domain Admins Role/Group, and it has full access to the SharePoint site.

  1. Log on to the CONTOSOSRV01 computer as CONTOSO\Administrator with "demo!23" as the user password.

  2. Navigate to the SharePoint site by going to The site redirects you to the STS login page (as shown below) and asks you to authenticate to the STS.

  3. Sign in to the SharePoint site using the administrator credentials by typing Contoso\administrator for the user name and demo!23 for the password.

  4. Back on the SharePoint site, on the Site Actions menu, click Site Settings, and then click People And Groups.

  5. To add a group to the Home Owners group, click the Home Owners link in the Groups pane.

  6. On the next page, click New, and then click Add Users.

  7. In Users/Groups, type Role#DrugTrial1Admins, and then click OK.


On the next page, you see Role#DrugTrial1Admins as a member of the Home Owners group.

  1. In the browser window that you opened to the SharePoint administration site previously, under Groups, click Home Visitors.

  2. On the next page, click New, and then click Add Users.

  3. In the input box, type Role#DrugTrial1Auditors, and then click OK.

  4. Role#DrugTrial1Auditors appears in the Home Visitors group.

  1. Close the browser window, reopen Internet Explorer, and navigate to

  2. On the STS sign-in page, sign in using the credentials of DanielW (Username: contoso\danielw, Password: demo!23), who is a member of the DrugTrial1Admins group.

  3. The STS logs you in and redirects you back to with a token that contains the role of DrugTrial1Admins. The user name that you logged on with ( will appear in the SharePoint site, and you will have full access to the SharePoint site because the user belongs to a group (DrugTrial1Admins) that has full access to the site.

