The steps to create an Application Group in ADFS are described below. Note that the following steps were derived from Active Directory Federation Services for Windows Server 2016.
The Application Group is now created and should be listed in the Application Groups pane. In order to populate the user tokens with the appropriate information during OAuth exchanges, some additional configuration steps are needed to transform Active Directory data into token claims.
In order to configure ADFS federation in your vCenter Server, you will need to know your ADFS server's OpenID Configuration URL. This is the standard OpenID Connect (OIDC) Discovery Endpoint that advertises OIDC metadata information about an OAuth identity provider. It is a well-known address that is typically the issuer endpoint concatenated with the path “/.well-known/openid-configuration”. For example: https://adfsserver01.corp.local/adfs/.well-known/openid-configuration
To obtain the OpenID Address for your ADFS server: