Issuance Authorization Rules in Windows Server 2012

On Windows 2012 and 2012 R2, you can use issuance authorization rules to permit or deny users access to ShareBase. For detailed information about issuance authorization rules, see the following documentation from Microsoft:

To limit ShareBase access to specific groups:

  1. In AD FS Management, right-click the relying party trust you created for the ShareBase IdP.
  2. Select Edit Claim Rules. The Edit Claim Rules dialog box is displayed.
  3. Select the Issuance Authorization Rules tab.
  4. If the Permit Access to All Users rule exists, select it and click Remove Rule.
  5. Click Add Rule. The Add Issuance Authorization Claim Rule Wizard is displayed.
  6. Select Permit or Deny Users Based on an Incoming Claim.
  7. Click Next.
  8. Give the claim rule a descriptive name.
  9. Under Incoming claim type, select Group SID.
  10. Under Incoming claim value, click the Browse button. The Select User, Computer, or Group dialog box is displayed.
  11. Enter the name of each group that should be allowed access to ShareBase. Use the Check Names button to make sure each group name is valid.
  12. Click OK.
  13. Select Permit access to users with this incoming claim.
  14. Click Finish.