In a single organization, at a first deployment, it might be simple to design and implement claims rules. In many cases, you might need to provide only the user and group name that AD FS first collects from the claim and presents to the web server. In a business-to-business scenario, it is most likely that you have to configure more complicated claims rules to define the user access between widely different systems.

Claim rules define how account partners, or claims providers, create claims and how resource partners, or relying parties, consume claims. AD FS provides several rule templates that you can use when you configure claim rules.

The first template is Send LDAP Attributes as Claims. Use this template to select specific attributes in an LDAP attribute store to populate claims. You can configure multiple LDAP attributes as individual claims in a single claim rule that you create from this template. For example, you can create a rule that extracts the sn (surname), given name and address attributes from all authenticated users and then sends these values as outgoing claims to a relying party.

Another template, Send Group Membership as a Claim, is a template to send a particular claim type and an associated claim value that is based on the user's security group membership.
For example, you might use this template to create a rule that sends a group claim type with a value of Sales Admin if the user is a member of the Sales Managers security group in A. Datum. This rule issues only a single claim based on the AD DS group that you select as a part of the template.

Another template is Pass Through or Filter an Incoming Claim. Use this template to assert additional restrictions on which claims are submitted to relying parties. For example, you might want to use a user's email address as a claim, but forward the email address only when the domain suffix on the email address is adatum.com. When you use this template, you can either pass through whatever claim you extract from an attribute store, or configure rules that filter whether the claim is passed on based on various criteria.

Another template is Transform an Incoming Claim. Use this template to map the value of an attribute in the claims provider attribute store to a different value in the relying party attribute store. For example, you might want to provide all members of the marketing department at A. Datum Corporation limited access to a purchasing application at Trey Research. The attribute used to define the limited access level might have a value of Limited Purchaser. To address this scenario, you can configure a
claims rule that transforms an outgoing claim with a department value of Marketing to an incoming claim with an application access attribute value of Limited Purchaser. Rules created from this template must have a one-to-one relationship between the claim at the claims provider and the claim at the relying party.

Another template is Permit or Deny Users Based on an Incoming Claim. This template is available only when you configure issuance authorization rules or delegation authorization rules on a relying party trust. Use this template to create rules that allow or deny access to users to a relying party based on the type and value of an incoming claim. This template allows you to perform an authorization check on the claims provider before claims are sent to the relying party. For example, you can use this rule template to create a rule that permits only users from the Sales group to access a relying party; authentication requests from members of other groups will not be sent to the relying party.

If none of the built-in claim rule templates provides the functionality that you require, you can create more complex rules by using the AD FS claim rules language.
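The five template scenarios described above, written as the rules the templates would generate in the AD FS claim rule language and applied with the AD FS PowerShell cmdlet; this is an added example, not part of the course material, and the trust name "Purchasing App", the group SIDs and the claim types under adatum.example are assumed placeholders:

```powershell
# Added example, not from the course transcript: rules for the A. Datum scenarios
# above, applied to one relying party trust with the AD FS PowerShell module.
# Placeholders (assumptions): trust "Purchasing App", default "Active Directory"
# attribute store, mail domain adatum.com, the SIDs shown, adatum.example claim types.

# 1. Send LDAP Attributes as Claims. Surname and given name are issued directly;
#    the mail attribute is only *added* to the incoming claim set so that the
#    filter rule in step 3 decides whether it reaches the relying party.
$ldapRules = @'
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
          query = ";sn,givenName;{0}", param = c.Value);
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory",
        types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
        query = ";mail;{0}", param = c.Value);
'@

# 2. Send Group Membership as a Claim: members of Sales Managers get a role claim
#    with the value "Sales Admin" (a single claim per rule, as the transcript notes).
$groupRule = @'
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-PLACEHOLDER-SALESMANAGERS"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "Sales Admin");
'@

# 3. Pass Through or Filter an Incoming Claim: forward the email claim only when
#    its domain suffix is adatum.com; any other email value is dropped.
$filterRule = @'
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value =~ "^[^@]+@adatum\.com$"]
 => issue(claim = c);
'@

# 4. Transform an Incoming Claim: one-to-one mapping of department "Marketing"
#    to the application-access value "Limited Purchaser" expected by Trey Research.
$transformRule = @'
c:[Type == "http://schemas.adatum.example/claims/department", Value == "Marketing"]
 => issue(Type = "http://schemas.adatum.example/claims/applicationaccess", Value = "Limited Purchaser");
'@

# 5. Permit or Deny Users Based on an Incoming Claim: an issuance *authorization*
#    rule, so only Sales members receive a token; everyone else is refused here.
$permitRule = @'
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-PLACEHOLDER-SALES"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Set-AdfsRelyingPartyTrust -TargetName "Purchasing App" `
    -IssuanceTransformRules ($ldapRules + $groupRule + $filterRule + $transformRule) `
    -IssuanceAuthorizationRules $permitRule
```

Because the authorization rule set contains only a permit rule, a user without a matching group SID gets no permit claim and AD FS denies the request before any transform rule output is sent.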
However, by creating a custom rule, you can extract claims information from multiple attribute stores and combine claim types into a single claim rule.

Next up, we'll be talking about how home realm discovery works.