To use Access Identity federation with AD FS 2016 (or above), you will need to perform the following:
- Open the AD FS Management tool, selecting Application Groups followed by Add Application Group. 
- Enter Access Identity as the Name. 
- Select Web browser accessing a web application as the Template and click Next. 
- Copy the generated Client Identifier (this will be needed later when configuring Access Identity). 
- Enter https://identity.accessacloud.com/auth/oidc/callback as the Redirect URI and select Add. 
- Select Next and then choose Permit everyone as your Access control policy. 
- Continue by clicking Next until you can select Close. 
- Select the Application Group you have just created, then select Properties. 
- Select Access Identity - Web application and click Edit. 
- Select the Issuance Transform Rules and select Add Rule. 
- Verify Claim rule template is set to Send LDAP Attributes as Claims and select Next. 
- Set the Claim rule name to Email. 
- Change Attribute store to Active Directory. 
- Change the LDAP Attribute to E-Mail-Addresses. 
- Change the Outgoing Claim Type to E-Mail Address. 
- Select Finish. 
- Select the Client Permissions tab and select email as a Permitted scope. 
- Select OK. 
You have now added Access Identity as an Application to your AD FS 2016 (or above) environment. You can now configure Access Identity to use this OpenID Connect Identity Provider.
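
To confirm the result of the steps above from PowerShell, the following read-only check can be run on the AD FS server. It is an added example, not part of the original instructions or an Access tool. It uses the standard ADFS module cmdlets and assumes the wizard template registered one native client and one Web API entry under the group name Access Identity.

```powershell
# Added example: read-only check of the application group built in the steps above.
# Run in an elevated PowerShell session on the AD FS 2016 (or above) server.
$groupName   = 'Access Identity'
$redirectUri = 'https://identity.accessacloud.com/auth/oidc/callback'
# Claim type URI that AD FS uses for the "E-Mail Address" outgoing claim.
$emailClaim  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'

$group = Get-AdfsApplicationGroup -Name $groupName
if (-not $group) { throw "Application group '$groupName' not found." }
$groupId = $group.ApplicationGroupIdentifier

# Assumption: the template registers a native client and a Web API entry.
$client = @(Get-AdfsNativeClientApplication -ApplicationGroupIdentifier $groupId)
$webApi = @(Get-AdfsWebApiApplication -ApplicationGroupIdentifier $groupId)
if ($client.Count -ne 1 -or $webApi.Count -ne 1) {
    throw "Expected one client and one web application in '$groupName'."
}

# Any extra redirect URI is another place tokens can be delivered to.
$uris  = @($client[0].RedirectUri)
$uriOk = ($uris.Count -eq 1) -and ([string]$uris[0] -eq $redirectUri)

# Scopes granted to this client (the Client Permissions tab).
$scopes = @(Get-AdfsApplicationPermission |
    Where-Object { $_.ClientRoleIdentifier -eq $client[0].Identifier } |
    ForEach-Object { $_.ScopeNames })
$scopeOk = $scopes -contains 'email'

$policyOk = $webApi[0].AccessControlPolicyName -eq 'Permit everyone'
$ruleOk   = [string]$webApi[0].IssuanceTransformRules -like "*$emailClaim*"

$checks = [ordered]@{
    'Only the Access Identity redirect URI'      = $uriOk
    'Access control policy is Permit everyone'   = $policyOk
    'Email rule issues the E-Mail Address claim' = $ruleOk
    'email is a permitted scope'                 = $scopeOk
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'REVIEW' })
}

# The value copied in the Client Identifier step, for the Access Identity side.
"Client Identifier: $($client[0].Identifier)"
```

Any line marked REVIEW points back to the matching step in the list above.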

