Configure claim rules

  1. On the Edit Claim Rules wizard, select Send LDAP Attributes as Claims and click Next.
  2. Name the Claim Rule and select Active Directory from the Attribute Store menu.
  3. Add claim rules according to the following table:

     | LDAP Attribute      | Outgoing Claim Type |
     |---------------------|---------------------|
     | User-Principal-Name | Name ID             |
     | User-Principal-Name | UPN                 |
     | Given-Name          | Given Name          |
     | Surname             | Surname             |
     | E-Mail-Addresses    | Primary SID         |
     Make sure that the value given to the UPN claim is the same as the value given to the Primary SID claim, as shown in the following example:

         <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
           <saml:AttributeValue xsi:type="xs:string"></saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid">
           <saml:AttributeValue xsi:type="xs:string"></saml:AttributeValue>
         </saml:Attribute>
  4. Click OK.
  5. On the General tab, use the mail attribute as the secondary ID.
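The same claim rule, applied from PowerShell instead of the wizard, as an added example that is not part of the original page. It assumes the AD FS PowerShell module on the AD FS server, a relying party trust named "Example RP" (placeholder), and the ActiveDirectory module for the final consistency check.

```powershell
# Added example: the "Send LDAP Attributes as Claims" rule from the table above,
# written in the AD FS claim rule language and applied to a relying party trust.
Import-Module ADFS

$rpName = "Example RP"   # placeholder: the display name of your relying party trust

# One LDAP-to-claim rule covering every row of the table. The attributes in
# "query" are listed in the same order as the outgoing claim types in "types".
$ldapClaimsRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Attributes as Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"),
          query = ";userPrincipalName,userPrincipalName,givenName,sn,mail;{0}",
          param = c.Value);
'@

# Replace the trust's issuance transform rules with this rule set.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $ldapClaimsRule

# Read the stored rules back to confirm they were saved as written.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules

# Consistency check for the UPN / Primary SID requirement above: the UPN claim
# comes from userPrincipalName and the Primary SID claim from mail, so the two
# only match for accounts whose mail equals their UPN. List any that differ.
Import-Module ActiveDirectory
Get-ADUser -Filter * -Properties mail |
    Where-Object { $_.mail -ne $_.UserPrincipalName } |
    Select-Object SamAccountName, UserPrincipalName, mail
```

Accounts listed by the final query would receive a Primary SID claim that differs from their UPN claim and should be corrected in AD before the trust goes live.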