You can use an Active Directory Federation Services (ADFS) server as an identity provider for Security Center, and allow users outside your company to log on by establishing a trust chain from third-party ADFS servers to the Security Center main server.
Before you begin
What you should know
- Users from Company XYZ must access your Security Center system.
- Company XYZ servers are not on the same domain as your servers.
- Company XYZ has an ADFS server using WS-Trust or WS-Federation that relies on Active Directory as the identity provider.
For external users from Company XYZ to access Security Center, a chain of trusts must be established from the Active Directory of Company XYZ to the main server of your Security Center system, as follows:
- Company XYZ must add a relying party trust to their ADFS server for your ADFS server.
Configure your local ADFS server as follows:
- Add a claims provider trust for the third-party ADFS server.
- Configure the claim rules for the third-party claims provider.
- Add a relying party trust for Security Center.
- Configure the claim rules for Security Center.
Configure Security Center to perform third-party authentication through ADFS.
- Connect to your Security Center system with Config Tool.
- Create a user group for each ADFS group that you accept as a Security Center user group.
- Create an Authentication Service role for third-party authentication using WS-Trust or WS-Federation.
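The local ADFS server steps above (claims provider trust, relying party trust, and their claim rules) can also be scripted with the AD FS PowerShell module. The following is an added example, not part of the original procedure or of Genetec's documentation. It assumes AD FS 2016 or later and that UPN and Group claims are the ones forwarded to Security Center. Every name, URL, identifier, and domain suffix in it is a placeholder.

```powershell
# Added example. All values below are placeholders (assumptions), not taken from the page.
$partnerName     = 'Company XYZ'
$partnerMetadata = 'https://adfs.companyxyz.example/FederationMetadata/2007-06/FederationMetadata.xml'
$scName          = 'Security Center'
$scIdentifier    = 'urn:example:securitycenter'   # must match the identifier configured in Security Center

# Acceptance rules for the third-party claims provider.
# Accept a UPN only when it carries the partner's own suffix, so the partner's
# ADFS server cannot assert an identity that belongs to another domain.
# Group claims are passed through; only groups you mapped in Security Center matter.
$acceptanceRules = @'
@RuleName = "Accept UPN with Company XYZ suffix only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
   Value =~ "(?i)@companyxyz\.example$"]
 => issue(claim = c);

@RuleName = "Accept Group claims from Company XYZ"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(claim = c);
'@

# Issuance rules for the Security Center relying party:
# forward only the two claim types accepted above, nothing else.
$issuanceRules = @'
@RuleName = "Send UPN to Security Center"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);

@RuleName = "Send Group to Security Center"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(claim = c);
'@

# Claims provider trust for the third-party ADFS server, with its claim rules.
Add-AdfsClaimsProviderTrust -Name $partnerName -MetadataUrl $partnerMetadata `
    -AcceptanceTransformRules $acceptanceRules

# Relying party trust for Security Center, with its claim rules.
Add-AdfsRelyingPartyTrust -Name $scName -Identifier $scIdentifier `
    -IssuanceTransformRules $issuanceRules -AccessControlPolicyName 'Permit everyone'

# Review what was stored before testing a logon.
Get-AdfsClaimsProviderTrust -Name $partnerName | Format-List Name, Enabled, AcceptanceTransformRules
Get-AdfsRelyingPartyTrust -Name $scName | Format-List Name, Identifier, Enabled, IssuanceTransformRules
```

Because the acceptance rules list the accepted claim types explicitly, any other claim the third-party server sends is dropped at the trust boundary and never reaches Security Center.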