For Security Center to receive claims from an ADFS server using the WS-Trust or WS-Federation protocols, you must create and configure an Authentication Service role.
Before you begin
- All ADFS servers involved in the trust chain are fully configured.
- ADFS groups have been mapped to Security Center user groups.
What you should know
You must create one Authentication Service role for WS-Trust or WS-Federation in Security Center for each root ADFS. In our sample scenario, the local ADFS server is the root ADFS, so only one Authentication Service role is needed.
If you do not have a local ADFS server but instead have multiple independent third-party ADFS servers acting as identity providers for Security Center, you need to create one Authentication Service role for each of them.