When users access resources on the ADFS server, they need to have two roles assigned: a ClaimApp role and a TokenApp role. The following steps explain how to create these two roles so that they are assigned to all users that log in to Identity Server.
Click Devices > Identity Servers > Servers > Edit > Roles > Manage Policies.
Click New, specify a name for the policy, select Identity Server: Roles, and click OK.
On the Rule 1 page, leave Condition Group 1 blank.
With no conditions to match, this rule matches all authenticated users.
In the Actions section, click New > Activate Role.
Specify ClaimApp.
In the Actions section, click New > Activate Role.
Specify TokenApp.
Click OK > OK.
Click Apply Changes.
Click Close.
On the Roles page, select the role policy you just created, then click Enable.
Click OK.
Update Identity Server.
Continue with Importing the ADFS Signing Certificate into the NIDP-Truststore.