Mapping Claims as Part of Application Authorization
Applies To: Windows Server 2003 R2
Claims that are used by Active Directory Federation Services (ADFS) make it possible for an application in one organization to recognize and authorize users from a different organization or from the Internet. By creating claims to represent users in the account organization and mapping those claims to a group that is recognized by the resource, you can enable authorization of users for applications that are protected by ADFS in a federated scenario.
Task requirements
You must meet the following conditions to perform the procedures for this task:
ADFS must be installed to create at least one federation server in your forest or realm.
The Active Directory Federation Services snap-in must be running on the federation server.
Active Directory or Active Directory Application Mode (ADAM) must be available in the account forest or realm.
You must have a plan for creating claims and mapping them to the appropriate users and groups if you are managing an account Federation Service, or to a set of local claims if you are managing a resource Federation Service.
To complete this task, perform the following procedures on an as-needed basis:
Map an organization group claim to an Active Directory group (group claim extraction)
Change the organization claim mapping of an outgoing group or custom claim
Change the organization claim mapping of an incoming group or custom claim