Group claims from AD FS (SAML)

Configuring AD FS to send group claims is fairly straightforward.

Log in to your AD FS server and open the AD FS Management app. Locate and right-click the relying party trust (e.g. 17gu85ydc9ji2@issues.example.com) and select Edit Claim Issuance Policy, or Edit claim rules on AD FS 3.0 and 2.0.

Select Add Rule, then Send Group Membership as a Claim.

Choose an appropriate rule name.

Select a group that users are members of.

Outgoing claim type: Group.

Outgoing claim value: the group value sent by AD FS (this value must match a group found in JIRA).



Add a rule for each group to be sent as a SAML group claim.

Once AD FS has been configured to send group claims, a test should be run. If group claims are detected on the SAML Request, the test page will display this along with options for further configuration.
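To check the values outside the test page, the following added example (not part of the original page or of any product) reads the Group claim values from a captured base64 SAMLResponse and compares them with a list of JIRA group names. The sample response and the JIRA group list are constructed, the exact-string comparison is an assumption about how matching is done, and the script only inspects a test capture; it does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim type URI that AD FS issues for the "Group" outgoing claim type.
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample: a trimmed, unsigned response carrying three group values.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>jira-users</saml:AttributeValue>
      <saml:AttributeValue>Jira-Administrators</saml:AttributeValue>
      <saml:AttributeValue>helpdesk</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")


def group_claims(saml_response_b64):
    """Return the Group claim values, untouched, from a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == GROUP_CLAIM:
            values += [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def classify(sent, jira_groups):
    """Sort sent values into exact matches, near misses and unknown groups."""
    by_folded = {g.strip().casefold(): g for g in jira_groups}
    report = {"matched": [], "near_miss": [], "unknown": []}
    for value in sent:
        if value in jira_groups:
            report["matched"].append(value)
        elif value.strip().casefold() in by_folded:
            # Differs only by case or surrounding whitespace: fix the rule's value.
            report["near_miss"].append((value, by_folded[value.strip().casefold()]))
        else:
            report["unknown"].append(value)
    return report


if __name__ == "__main__":
    # Hypothetical JIRA group list; replace with the groups defined in your instance.
    print(classify(group_claims(SAMPLE_B64), ["jira-users", "jira-administrators"]))
```

Values reported as near_miss or unknown point to a claim rule whose outgoing value should be corrected, or to a group that does not yet exist in JIRA.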