Setting the claim‑issuance policy for GroupRule

  1. From the AD FS window, click Relying Party Trusts, and then right-click the applicable relying‑party trust.
  2. Click Edit Claim Issuance Policy, and then Add Rule.
  3. From the Claim rule template list, select Send LDAP Attributes as Claims.
  4. In the Claim rule name field, type GroupRule.
  5. From the Attribute store list, select Active Directory.
  6. Set LDAP attribute to Token-Groups - Unqualified Names, and then set Outgoing Claim Type to MVEGroup.
  7. Click Finish.