For Security Center to receive claims from an ADFS server using the WS-Trust or WS-Federation protocols, you must create and configure an Authentication Service role.
Before you begin
- All ADFS servers involved in the trust chain are fully configured.
- ADFS groups are mapped to Security Center user groups.
What you should know
Create one Authentication Service role for WS-Trust or WS-Federation in Security Center for each root ADFS. In our sample scenario, the local ADFS server is the root ADFS; therefore only one Authentication Service role is needed.
If you do not have a local ADFS server but instead have multiple independent third-party ADFS servers acting as identity providers for Security Center, you need to create one Authentication Service role for each of them.
Unlike with Azure and Okta, Security Center does not offer much assistance with the identity provider configuration when you create an Authentication Service role with Provider: Other.