The following procedures describe the tasks required to configure Active Directory Federation Services (AD FS) 2.0 with Forefront Unified Access Gateway (UAG).

When you use an AD FS 2.0 authentication server, end users who authenticate using the AD FS 2.0 server are automatically added to the Authenticated Users security group. End users who authenticate to Forefront UAG using AD FS 2.0 may not be members of your domain; therefore, you should not base your authorization scheme on the Authenticated Users group. Additionally, if you configure applications (including the logon pages and the portal) with no authorization scheme, only members of the Authenticated Users group are able to access the application.