Ping a Specific Port

Question

hardmod

Asked: 2015-03-20 22:42:42 +0800 CST2015-03-20 22:42:42 +0800 CST 2015-03-20 22:42:42 +0800 CST

ADFS - Restrict to AD Group

772

I just implemented an ADFS server to connect a third-party chat tool with our Active Directory via SAML 2.0.

Everything works fine so far but there's a little problem: As soon as a user logs in, the chat tool creates an account for him automatically. That's a problem because every account causes fees.

Is there any way to restrict the ADFS usage to an AD Group?

1 Answers

Voted

hardmod · Answer 1 · 2015-03-21T00:13:35+08:00

Best Answer

hardmod

2015-03-21T00:13:35+08:002015-03-21T00:13:35+08:00

This can be done by adding a so-called Issuance Authorization Rule.

Step-by-step:

Open AD FS Management Center
Expand Trust Relationsships
Select Relying Party Trusts
Right click the required trust
Click Edit Claim Rules
Goto the Issuance Authorization Rules tab
Delete the default Permit Access To All Users rule
Click Add Rule
Select Permit or Deny Users Based on an Incoming Claim
Incoming Claim Type, select Group SID
Click Browse at Incoming claim value
Select the required group
You're done

20

ADFS - Restrict to AD Group

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?