I am running an MVC5 project that authenticates with claims received from ADFS. For a specific claim type, I need to include a list of organizations that the user has access to see.

Can this be done by including the list as properties of the Claim, or can it be done in any other way?

If so, how can I set up this Claim in ADFS?

Solution

The easiest way is to create a multi-valued attribute in AD for each user that contains the list of organizations.

Then have a normal AD mapping claim rule.

Note that this will not produce a list in one claim, rather multiple claims.

Refer: ADFS : Multi-valued attributes from AD.

The other way is to have each organization as a security group and then make the users membersOf each group as appropriate.

You can then create a group claim rule.

Refer: ADFS : Sending groups as claims.
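
On the MVC5 side, the "multiple claims rather than one list" shape described above can be read and enforced as follows. This is an added example, not part of the original answer; the claim type URI and the `OrganizationClaims` helper are assumptions, and the identity in `Main` is constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class OrganizationClaims
{
    // Assumed claim type; use the outgoing claim type your ADFS rule actually issues.
    public const string OrganizationClaimType = "http://example.org/claims/organization";

    // Each value of the multi-valued AD attribute arrives as its own claim
    // of the same type, so collect all of them instead of calling FindFirst.
    public static ISet<string> GetOrganizations(ClaimsPrincipal user)
    {
        if (user == null) throw new ArgumentNullException("user");
        return new HashSet<string>(
            user.FindAll(OrganizationClaimType)
                .Select(c => c.Value.Trim())
                .Where(v => v.Length > 0),
            StringComparer.Ordinal); // exact match; relax only if your IDs are case-insensitive
    }

    // Deny by default: unauthenticated users and empty IDs never pass.
    public static bool CanAccess(ClaimsPrincipal user, string organizationId)
    {
        if (string.IsNullOrWhiteSpace(organizationId)) return false;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return false;
        return GetOrganizations(user).Contains(organizationId.Trim());
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed identity standing in for the token ADFS would issue.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(OrganizationClaims.OrganizationClaimType, "OrgA"),
            new Claim(OrganizationClaims.OrganizationClaimType, "OrgB"),
        }, "Federation");
        var user = new ClaimsPrincipal(identity);

        Console.WriteLine(OrganizationClaims.CanAccess(user, "OrgA"));
        Console.WriteLine(OrganizationClaims.CanAccess(user, "OrgC"));
    }
}
```

Call `CanAccess` in the controller action or an authorization filter with the organization ID taken from the request, so that a user cannot view an organization simply by changing the ID in the URL.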

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow