ADFS 4.0, Federated with external IDP

BlackCat 106 Reputation points
2024-08-30T06:53:42.3133333+00:00

Scenario:

ADFS at Forest root domain Root.local

Federated with external IDP sending NameID to ADFS

At ADFS, a claims provider trust was created and NameID is passed through.

At child domain A.root.local we created a shadow account to match the NameID sent from the external IDP.

A SAML 2.0 app is onboarded at ADFS but uses a security group at child domain A.root.local (domain NetBIOS name A) as the Role.

The external IDP successfully sends NameID to ADFS for login. The question is: how do I transform that NameID from the external IDP into A\NameID or ******@a.root.local so that ADFS will query the security group at the child domain and send it as the Role?

I am trying to add the domain NetBIOS name A to NameID in the format A\NameID to the store, and have another rule look up the security group at the child domain to send as the Role.

Thanks

Microsoft Security | Active Directory Federation Services
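One way to build the issuance transform rules the question asks for, as an added example that is not part of the original post or an official Microsoft sample. It applies three claim rules to the relying party trust for the SAML app: the first rewrites the external NameID into a windowsaccountname of the form A\NameID, the second resolves the shadow account's group membership in child domain A through the built-in Active Directory attribute store (tokenGroups(domainQualifiedName) returns names as DOMAIN\Group), and the third issues a Role claim only for the application's group. The first two rules use add() rather than issue(), so the intermediate windowsaccountname and the full group list stay inside the pipeline and only the Role reaches the application. The relying party trust display name 'SAML App', the claims provider trust identifier 'https://idp.example.com/saml', the group A\App-Users and the role value 'AppUser' are placeholders, not values from the question. The example assumes the ADFS service account can read group membership in A.root.local and that the Active Directory attribute store accepts a windowsaccountname claim only when its Issuer is "AD AUTHORITY"; if the shadow account does not exist under that name, the lookup returns no Group claims and no Role is issued, which is the safe outcome. Run it on the ADFS server as an ADFS administrator:

```powershell
# Added example (not from the original post). Placeholders, not values from the question:
#   'SAML App'                    - display name of the relying party trust
#   'https://idp.example.com/saml' - identifier of the external claims provider trust
#   'A\App-Users' / 'AppUser'      - security group in child domain A and the role it maps to
Import-Module ADFS

$rpName = 'SAML App'

# Single-quoted here-string: backslashes are literal in PowerShell, so the claim rule
# language sees "A\" + c.Value as written. OriginalIssuer scopes rule 1 to the external
# claims provider, so a NameID from any other claims provider is not turned into an A\ account.
$rules = @'
@RuleName = "1. NameID from external IdP -> A\NameID as windowsaccountname"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", OriginalIssuer == "https://idp.example.com/saml"]
 => add(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer = "AD AUTHORITY", OriginalIssuer = "AD AUTHORITY", Value = "A\" + c.Value, ValueType = c.ValueType);

@RuleName = "2. Look up group membership of the shadow account in child domain A"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups(domainQualifiedName);{0}", param = c.Value);

@RuleName = "3. Issue Role only for the application group"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "A\App-Users"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "AppUser");
'@

# Replace the issuance transform rule set on the relying party trust
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Read back what ADFS stored, to confirm the three rules were accepted
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

If the Role claim does not appear after a test login, check the AD FS Admin and Debug event logs on the federation server: a windowsaccountname that the Active Directory store cannot resolve in A.root.local shows up there, and the most common causes are a NameID that does not match the shadow account's sAMAccountName exactly or rule 1 not matching because the OriginalIssuer value differs from the claims provider trust identifier shown by Get-AdfsClaimsProviderTrust.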
