The Active Directory step-by-step guide sets up the roles to be used by the resources. You set them up to be sent in the All Roles attribute from Identity Server. You must map these roles into the Adatum ClaimApp Claim and the Adatum TokenApp Claim.
In the Active Directory Federation Services console, click the account partner that you created for Identity Server (see Creating an Account Partners Configuration).
Right-click the account partner, then create a new Incoming Group Claim Mapping with the following values:
Incoming group claim name: Specify ClaimApp.
Organization group claim: Specify Adatum ClaimApp Claim.
Right-click the account partner, and create another Incoming Group Claim Mapping with the following values:
Incoming group claim name: Specify TokenApp.
Organization group claim: Specify Adatum TokenApp Claim.
Continue with Disabling CRL Checking.