Prepare Client Computers for Federation
Applies To: Windows Server 2008
The easiest way for an administrator in the account forest to prepare client computers for access to Active Directory Federation Services (AD FS) federated applications is to use Group Policy. Group Policy provides a convenient way for you to push specific certificates and settings that are required for federation down to all the client computers that will be used to access federated applications.
So that your client computers can seamlessly access federated applications without certificate prompts or trusted site–related prompts, we recommend that you first prepare each client computer before you deploy AD FS broadly in your organization. Consider using Group Policy to:
Configure Internet Explorer on each client computer to trust the account federation server.
For more information, see Configure Client Computers to Trust the Account Federation Server.
Install the appropriate account federation server, resource federation server, and AD FS-enabled Web server Secure Sockets Layer (SSL) certificates (or equivalent certificates that chain to a trusted root) on each client computer.
For more information, see Distribute Certificates to Client Computers Using Group Policy.