Configure Groups in ADFS
Create or configure Active Directory groups that you want to map to Security Groups in CSM. Users are automatically added to the mapped CSM Security Group when their account is created or updated.
To configure groups in ADFS:
- Open the AD FS Management tool.
- From the navigation pane, expand Trust Relationships, and then select Relying Party Trusts.
- Select the CSM server that is configured for SAML.
- Select Edit Claims Rules, and then select Add Rule.
- From the Add Transform Claim Rule Wizard, select the Send Group Membership as a Claim rule template, and then select Next.
- Add the following claim rule properties:
Property Value Claim rule name Provide a name, such as Admin or IT Service Desk Level 1. For easier maintenance, choose a name that matches Security Group names in CSM. User's Group Select Browse, and then add the domain name group you want to map to CSM Security Groups. For example, add Domain Admins if you want to automatically add users in this group to the Admins Security Group in CSM. Outgoing Claim Type Select Group. Outgoing Claim Value Provide a name for the group. This is the name you will use to map the ADFS group to a CSM Security Group.
- Record the group names you added so have the names when you map them to Security Groups in CSM.
- Select Finish.
- Repeat this process for each ADFS group you want to map to a CSM Security Group.
- Map the ADFS groups to CSM Security Groups. See Map SAML Security Groups to CSM Security Groups.