Configure claim rules
- On the Edit Claim Rules wizard, select Send LDAP Attributes as Claims and click Next.

- Name the claim rule and select Active Directory from the Attribute Store menu.

- Add claim rules according to the following table:

  | LDAP Attribute | Outgoing Claim Type |
  | --- | --- |
  | User-Principal-Name | Name ID |
  | User-Principal-Name | UPN |
  | Given-Name | Given Name |
  | Surname | Surname |
  | E-Mail-Addresses | Primary SID |

  Make sure that the value given to the UPN claim is the same as the value given to the primary SID claim, as shown in the following example:

  ```xml
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
    <saml:AttributeValue xsi:type="xs:string"> </saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid">
    <saml:AttributeValue xsi:type="xs:string"> </saml:AttributeValue>
  </saml:Attribute>
  ```
- Click OK.
- On the General tab, use the mail attribute as a secondary ID.
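
One way to verify the requirement above that the UPN and primary SID claims carry the same value is to run a check over an assertion captured from a test sign-in. This is an added example, not part of the original procedure or of any product; it assumes a SAML 2.0 token, and the function names and the sample values (`alice@example.com`, the SID-like string) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # assumption: SAML 2.0 token
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
PRIMARY_SID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"


def read_claims(assertion_xml):
    """Return {claim type: [values]} for every saml:Attribute in the document."""
    # A captured assertion never needs a DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declarations are not accepted")
    claims = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{ASSERTION_NS}}}Attribute"):
        for value in attr.findall(f"{{{ASSERTION_NS}}}AttributeValue"):
            claims.setdefault(attr.get("Name"), []).append((value.text or "").strip())
    return claims


def check_upn_matches_primary_sid(assertion_xml):
    """Return a list of problems; an empty list means both claims carry the same value."""
    claims = read_claims(assertion_xml)
    problems = []
    for claim_type in (UPN, PRIMARY_SID):
        values = claims.get(claim_type, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{claim_type}: expected one non-empty value, got {values}")
    if not problems and claims[UPN][0] != claims[PRIMARY_SID][0]:
        problems.append(f"UPN {claims[UPN][0]!r} != primary SID {claims[PRIMARY_SID][0]!r}")
    return problems


def sample_assertion(upn, primary_sid):
    """Constructed AttributeStatement (not a real token) for offline testing."""
    return f"""<saml:AttributeStatement xmlns:saml="{ASSERTION_NS}"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <saml:Attribute Name="{UPN}">
        <saml:AttributeValue xsi:type="xs:string">{upn}</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="{PRIMARY_SID}">
        <saml:AttributeValue xsi:type="xs:string">{primary_sid}</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>"""


if __name__ == "__main__":
    print(check_upn_matches_primary_sid(sample_assertion("alice@example.com", "alice@example.com")))
    print(check_upn_matches_primary_sid(sample_assertion("alice@example.com", "S-1-5-21-1-2-3-1001")))
```

The comparison is exact and case-sensitive, so a mismatch in letter case between the two claims is reported as a difference.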
