Configure Active Directory and SSO groups with ADFS

Configuring Active Directory and SSO groups with ADFS allows you to map users to specific groups on your platform site.

Before you start

Before you configure Active Directory and SSO groups with ADFS, there are a few things to know:

• You will need Active Directory Federation Services (ADFS).

• You need to Configure SAML single sign-on with ADFS.

• You have permission to create a “Group” and edit “Claim Rules” on ADFS.

1. Create a new Group on ADFS

1. In Server Manager, click Tools, and then select Active Directory Users and Computers.

2. Select a directory.

3. Right-click the directory and select New > Group.

4. Right-click the group and select Properties.

5. On the Members tab, select Add.

6. Under Enter the object names to select, enter the names or email addresses of the users you want to add to this group.

7. (Optional) Click Check Names to verify the users.

8. Click OK and then Apply.

2. Add a new attribute to an Issuance Transform Rules

1. In Server Manager, click Tools, and then select AD FS Management.

2. In the console tree, under AD FS, click Relying Party Trusts.

3. Right-click the trust you made in Configure SAML single sign-on with ADFS, and then click Edit Claim Issuance Policy.

4. Under Issuance Transform Rules, select the “Map attributes” rule.

5. Under LDAP attribute, add a new attribute of "Token-Groups as SIDs", and map it to "Role" under Outgoing Claim Type.

6. Click OK.

3. Create an SSO group

• Create a new SSO group within your platform site that’s mapped to the group you created in your ADFS.

See also

• Configure SAML single sign-on with ADFS

• Configure Azure Active Directory SSO with your platform

• Connect Microsoft Teams to your platform