Checklist: Creating Claim Rules for a Relying Party Trust

This checklist includes the tasks that are necessary for planning, designing, and deploying claim rules that are associated with a relying party trust in Active Directory Federation Services (AD FS).

Note

Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist: Creating a claim rule set for a relying party trust

Task: Review concepts about claims, claim rules, claim rule sets, and claim rule templates and how they are associated with federated trusts.
Reference: The Role of Claims; The Role of Claim Rules

Task: Review concepts about how a claim flows through all the stages in the claims issuance pipeline and how rules are processed by the claims issuance engine.
Reference: The Role of the Claims Pipeline; The Role of the Claims Engine

Task: To effectively plan and implement the output claims that will be issued over this relying party trust, determine whether one or more claim rules are needed and which claim rules you should use with this relying party trust.
Reference: Determine the Type of Claim Rule Template to Use

Task: Review concepts about when to create one claim rule over another and how you can use the claim rule language to provide more complex logic than standard rules in order to provide a desired result in the ideal output claim set.
Reference: When to Use a Pass Through or Filter Claim Rule; When to Use a Transform Claim Rule; When to Use a Send LDAP Attributes as Claims Rule; When to Use a Send Group Membership as a Claim Rule; When to Use an Authorization Claim Rule; When to Use a Custom Claim Rule; The Role of the Claim Rule Language

Task: A claim description must be created if one does not already exist that will fulfill the needs of your organization. AD FS ships with a default set of claim descriptions that are exposed in the AD FS Management snap-in.
Reference: Add a Claim Description

Task: Depending on the needs of your organization, create one or more claim rules for the rule sets that are associated with this relying party trust so that claims will be issued appropriately.
Reference: Create a Rule to Pass Through or Filter an Incoming Claim; Create a Rule to Send LDAP Attributes as Claims; Create a Rule to Send Group Membership as a Claim; Create a Rule to Transform an Incoming Claim; Create a Rule to Send an Authentication Method Claim; Create a Rule to Send an AD FS 1.x Compatible Claim; Create a Rule to Send Claims Using a Custom Rule

Task: Depending on the needs of your organization, create one or more claim rules for either the issuance authorization rules set or the delegation authorization rules set that is associated with this relying party trust so that users will be permitted access to the relying party.
Reference: Create a Rule to Permit All Users; Create a Rule to Permit or Deny Users Based on an Incoming Claim