Add Attributes Mapping to the Relying Party Trust
1. In AD FS, click Relying Party Trusts in the left menu.
2. Right-click the Relying Party Trust and click Edit Claim Issuance Policy.
3. In the Edit Claim Issuance Policy window, click Add Rule.
4. In the next window, click Next.
5. Provide the following information to configure the new claim rule:
◦ Claim rule name – Enter a name for the new claim rule.
◦ Attribute store – Active Directory.
◦ Mapping of LDAP attributes to outgoing claim types – Fill in the attributes as shown in the following image. For more information about the LDAP attributes, see the LDAP Attributes Table below the image.
LDAP Attributes Table
LDAP Attribute | Outgoing Claim Type | Metadata Attribute Name | Notes |
---|---|---|---|
Display-Name | Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Unique user name |
E-Mail-Addresses | E-Mail Address | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | User’s e-mail, if provided |
SAM-Account-Name | Name ID | | Empty |
Is-Member-Of-DL | Group | http://schemas.xmlsoap.org/claims/Group | User’s groups |
User-Principal-Name | UPN | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | Unique name in e-mail format: user@address.com |
6. When the claim rule attributes are configured, click Finish.
7. On the next screen, click OK.
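The same rule can be created from PowerShell on the AD FS server. This is an added example, not part of the original procedure. The trust name and rule name are placeholders, the LDAP names (displayName, mail, sAMAccountName, memberOf, userPrincipalName) are the directory names of the attributes in the table, and the Name ID URI, which the table leaves empty, is the standard nameidentifier claim type.

```powershell
# Assumptions: placeholder names; replace with the values used in your deployment.
$trustName = '<relying-party-trust-name>'
$ruleName  = 'LDAP attributes to outgoing claims'

# One ordered map drives both the LDAP query and the claim type list,
# so the two lists cannot drift out of order.
$map = [ordered]@{
    displayName       = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
    mail              = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
    sAMAccountName    = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'  # Name ID
    memberOf          = 'http://schemas.xmlsoap.org/claims/Group'
    userPrincipalName = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
}
$types = ($map.Values | ForEach-Object { '"{0}"' -f $_ }) -join ', '
$query = ';{0};{{0}}' -f ($map.Keys -join ',')

# Claim rule language equivalent of the "Send LDAP Attributes as Claims" template.
$rule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "$ruleName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ($types), query = "$query", param = c.Value);
"@

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }

# -IssuanceTransformRules replaces the whole rule set, so back up the
# current rules and append the new rule instead of overwriting them.
$existing = [string]$trust.IssuanceTransformRules
$existing | Set-Content -Path '.\issuance-rules-backup.txt'

if ($existing -like "*@RuleName = `"$ruleName`"*") {
    Write-Warning "A rule named '$ruleName' already exists; nothing changed."
} else {
    Set-AdfsRelyingPartyTrust -TargetName $trustName `
        -IssuanceTransformRules ($existing + "`r`n" + $rule)
}

# Review the resulting policy.
(Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceTransformRules
```

Review the final output before testing sign-in: every claim type listed here is released to the relying party for each user, so remove any attribute the application does not need.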