articles/active-directory/external-identities/direct-federation-adfs.md
15 additions & 13 deletions
@@ -68,28 +68,30 @@ An AD FS server must already be set up and functioning before you begin this pro
68
68
69
69
5. Click **Ok**.
70
70
71
-
### Add the relying party trust and claim rules
71
+
### Add the relying party trust
72
72
73
73
1. On the AD FS server, go to **Tools** > **AD FS management**.
74
-
2. In the navigation pane, select **Trust Relationships** > **Relying Party Trusts**.
74
+
2. In the navigation pane, select **Relying Party Trusts**.
75
75
3. Under **Actions**, select **Add Relying Party Trust**.
76
-
4. In the add relying party trust wizard for **Select Data Source**, use the option **Import data about the relying party published online or on a local network**. Specify this federation metadata URL- https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml. Leave other default selections. Select **Close**.
77
-
5. The **Edit Claim Rules** wizard opens.
78
-
6. In the **Edit Claim Rules** wizard, select **Add Rule**. In **Choose Rule Type**, select **Send LDAP Attributes as Claims**. Select **Next**.
79
-
7. In **Configure Claim Rule**, specify the following values:
76
+
4. In the add relying party trust wizard select **Claims aware** and click **Start**.
77
+
5. In the **Select Data Source** section, use the option **Import data about the relying party published online or on a local network**. Specify this federation metadata URL- https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml. Click **Next**.
78
+
6. Leave the other settings in their default state. Continue to click **Next** and finally **Close** to finish the wizard.
79
+
80
+
### Create claims rules
81
+
1. Right-click the Relying Party Trust you just created and select **Edit Claim Issuance Policy**.
82
+
2. In the **Edit Claim Rules** wizard, select **Add Rule**.
83
+
3. In **Claim rule template**, select **Send LDAP Attributes as Claims**.
84
+
4. In **Configure Claim Rule**, specify the following values:
80
85
81
86
-**Claim rule name**: Email claim rule
82
87
-**Attribute store**: Active Directory
83
88
-**LDAP Attribute**: E-Mail-Addresses
84
89
-**Outgoing Claim Type**: E-Mail Address
85
90
86
-
8. Select **Finish**.
87
-
9. The **Edit Claim Rules** window will show the new rule. Click **Apply**.
88
-
10. Click **Ok**.
89
-
90
-
### Create an email transform rule
91
-
1. Go to **Edit Claim Rules** and click **Add Rule**. In **Choose Rule Type**, select **Transform an Incoming Claim** and click **Next**.
92
-
2. In **Configure Claim Rule**, specify the following values:
91
+
4. Select **Finish**.
92
+
5. Once more, click **Add Rule**.
93
+
6. In **Claim rule template**, select **Transform an Incoming Claim** and click **Next**.
94
+
7. In **Configure Claim Rule**, specify the following values:
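Review bot: Step number 4 is used twice in the new "Create claims rules" list: new line 84 is `4. In **Configure Claim Rule**, specify the following values:` and new line 91 is `4. Select **Finish**.`, which leaves the following steps (5, 6, 7) off by one. If the attribute bullets between them are not indented under step 4, the rendered list restarts at the literal number, so readers would see the duplicate; renumber the steps after the bullets to 5 through 8. Also, new step 3 (`select **Send LDAP Attributes as Claims**`) drops the "Select **Next**" that the removed step 6 carried, while new step 6 for the transform rule keeps "click **Next**"; restore it so both rule sequences read the same way. The removed steps 9 and 10 (**Apply**, **Ok**) have no replacement in the visible lines, so please confirm a later step still tells the reader to apply the claim rules before closing the dialog.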