1. Create a Smart Check Admin group in Active Directory and add users to the group.
   Note that in this example "SmartCheck-Admin" is used as the group name. You may change this to any name, but make sure to change the value in Step 2.C as well.

2. Create Claim Rules.
   In the AD FS Management console, go to Trust Relationships > Relying Party Trust, right-click smartcheck and select "Edit Claim Rules...". On the "Issuance Transform Rules" tab, click "Add Rule..." and create the following claim rules:

   A. RoleSessionName
      Enter the following:
      - Claim rule template: Send LDAP Attributes as Claims
      - Claim rule name: RoleSessionName
      - Attribute store: Active Directory
      - LDAP Attribute: Display-Name
      - Outgoing Claim Type: https://deepsecurity.trendmicro.com/SAML/Attributes/RoleSessionName

   B. Extract AD Group
      - Claim rule template: Send Claims Using a Custom Rule
      - Claim rule name: Get AD Groups
      - Custom rule:
        c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
         => add(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";tokenGroups;{0}", param = c.Value);

   C. Map AD group to Smart Check role
      This is where you can change the AD group; "SmartCheck-Admin" is used in this example. You can also change the Smart Check role that is issued. The default roles are "administrator", "auditor", and "user".
      - Claim rule template: Send Claims Using a Custom Rule
      - Claim rule name: Roles
      - Custom rule:
        EXISTS([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value == "SmartCheck-Admin"])
         => issue(Type = "https://deepsecurity.trendmicro.com/SAML/Attributes/Role", Value = "administrator");

   D. Set SAML assertion
      - Claim rule template: Transform an Incoming Claim
      - Claim rule name: Transform
      - Incoming claim type: Windows account name
      - Outgoing claim type: Name ID
      - Outgoing name ID format: Persistent Identifier
      - Radio button: Pass through all claim values

   Claim rules output:
   - RoleSessionName

3. Log in using the ADFS URL https://[ADFS-server hostname]/adfs/ls/IdpInitiatedSignon.aspx.
