About Simple and Chained ADFS Identity Providers

When creating a SharePoint Server source, in the Authentication section, you must provide information related to your ADFS identity providers, if you use them to authenticate users (see Add or Edit a SharePoint Server Source).

If your authentication configuration uses only one ADFS identity provider, you have a Simple ADFS configuration (see Simple ADFS Identity Provider). If your users are authenticated using two ADFS identity providers trusting each other, you have a Chained ADFS configuration (see Chained ADFS Identity Providers).

You must choose the corresponding option in the Authentication section dropdown menu and enter the required information in the boxes underneath.

Simple ADFS Identity Provider

In a simple ADFS identity provider configuration, the ADFS identity provider is also the relying party for SharePoint. ADFS sends a token to SharePoint to confirm user authentication.

CCV2-ADFS_IdP-Simple

Chained ADFS Identity Providers

In a configuration with two chained ADFS identity providers, one of the ADFS servers authenticates users, and the other acts as a relying party for SharePoint. The two ADFS servers trust each other, and SharePoint trusts its relying party as well. When the ADFS identity provider authenticates a user, it sends a token to the ADFS relying party to confirm user authentication, and the ADFS relying party in turn confirms it to SharePoint.

CCV2-ADFS_IdP-Chained