Big savings, Better ROI! Exclusive discounts on ManageEngine Products!* Boost your business *T&C apply
    Click here to shrink
    Click here to expand Click here to expand

    Configure AD FS servers for auditing - Configure claims

    For each relying party that needs to be audited, the following six claim rules need to be added:

    1. Primary SID
    2. UPN
    3. Client IP
    4. Inside Corporate Network
    5. Proxy
    6. Forwarded Client IP

    To check which claim rules have already been added:

    1. Log in to the AD FS server with Domain Admin credentials.
    2. Open the AD FS management console > Trust Relationships > Relying Party Trusts.
    3. Right-click on the relying party > Edit Claim Rules (or Edit Claim Issuance Policy in case of Windows 2016), and check if all six of the above claim rules have been added.

    To add any missing claim rules:

    1. Log in to the AD FS server with Domain Admin credentials. Open the AD FS management console > Trust Relationships > Relying Party Trusts.
    2. Right-click on the relying party > Edit Claim Rules (or Edit Claim Issuance Policy in case of Windows 2016).
    3. Click Add Rule. From the Claim rule template drop down, select Pass Through or Filter an Incoming Rule and click Next.
    4. In the Claim rule name field, enter a suitable name.
    5. Under Incoming claim type, select the claim rule type which you need to add, and select Pass through all claim values.
    6. Click Finish.

      Installing the client-side agent from ADAudit Plus' UI

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding

       

    On this page

    Get download link