ADFS has the concept of claim rules, which allow you to enumerate, add, delete, and modify claims. This is useful when you want, for example, to introduce extra claims (based on data in a database or AD) or to transform incoming claims. I wrote about claim rules before, but I want to give a heads-up about some of the lessons I learned along the way.

Lesson 1 - Claim rules can be configured at 2 levels

There are 2 locations in ADFS where you can configure claim rules. The first one is at the level of the relying party. The second is at the level of the claims provider.

If you don't know what either is, a short explanation: In Active Directory Federation Services (ADFS), a claims provider is the entity that authenticates users and issues claims about them. This can be Active Directory but also another IP-STS. A relying party is an application or service that relies on the claims provided by the claims provider to make authorization decisions. Essentially, the claims provider verif...
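As an added example that is not part of the original post, the following PowerShell shows where the rule sets live at each of the two levels (acceptance transform rules on the claims provider trust, issuance transform rules on the relying party trust) and pairs a pass-through rule at the first level with a transform rule at the second; the trust names are placeholders.

```powershell
# Added example: the two levels at which ADFS claim rules are configured.
# The trust names are placeholders; replace them with the names in your farm.
Import-Module ADFS

$cpName = 'Active Directory'        # claims provider trust (placeholder)
$rpName = 'Example Relying Party'   # relying party trust (placeholder)

# Level 1: claims provider trust. Acceptance transform rules decide which
# incoming claims are accepted into the pipeline at all, so this is where
# claims asserted by an external IP-STS are filtered. Here: pass through UPN.
$acceptanceRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

# Level 2: relying party trust. Issuance transform rules shape what this one
# application receives. Here the accepted UPN is transformed into a Name claim.
$issuanceRules = @'
@RuleTemplate = "MapClaims"
@RuleName = "UPN to Name"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

# Enumerate the current rule sets at both levels before changing anything.
(Get-AdfsClaimsProviderTrust -Name $cpName).AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules

# Apply. Set-* replaces the whole rule set for that trust, so append to the
# existing rules instead if the trust already carries rules you depend on.
Set-AdfsClaimsProviderTrust -TargetName $cpName -AcceptanceTransformRules $acceptanceRules
Set-AdfsRelyingPartyTrust   -TargetName $rpName -IssuanceTransformRules  $issuanceRules
```

Running the two Get-* lines first matters in practice: the default claims provider trust ships with a set of pass-through rules, and replacing it with only the UPN rule would silently drop every other claim for every relying party.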