Some SAML-compatible Identity Providers (IdPs) do not send the user identifier (UserID) in the part of the SAML response the application expects, namely the NameID of the assertion's Subject. ADFS and Azure AD are two IdPs that may not send it there by default. When the UserID is missing from the NameID, the application cannot reliably attribute actions to the right account; for example, when an administrator approves a title request, an erroneous name may appear in the "Approved By" field of the request.
To correct this, the SAML application (the relying party trust, in ADFS terms) must be configured to issue the UserID as the NameID in the SAML response. The instructions below add a claim transform rule that passes the user's UPN as the NameID.
(These instructions are intended for ADFS users and have been adapted from a third-party support article.)
Add a second rule that maps the UPN claim to the NameID. It must come after the rule that issues the UPN (for example, a "Send LDAP Attributes as Claims" rule), because claim rules run in order and the transform can only see claims issued before it.
- Click Add Rule.
- In the Claim rule template field, select Transform an Incoming Claim.
- In the Claim rule name field, enter a rule name, for example "UPN and NameID".
- Incoming claim type: select UPN.
- Outgoing claim type: select Name ID.
- Outgoing name ID format: select UPN.
- Select Pass through all claim values.
- To enable the auto-provisioning feature, the relying party must also receive the email address, first name (given name), and last name (surname) claims. These are issued by a separate rule, typically the same "Send LDAP Attributes as Claims" rule that issues the UPN, not by this transform rule.
- Click OK.
Because the application now identifies users by the NameID, the UPN it is mapped from should be unique and stable; renaming a user's UPN changes their NameID and, from the application's point of view, makes them a different user.
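The same configuration can be applied and verified from the ADFS PowerShell module instead of the wizard. The block below is an added example, not part of the original article: it issues the profile attributes from Active Directory, adds the UPN-to-NameID transform in the correct order, and then reads the rules back to check that the transform runs after the rule that produces the UPN. The relying party trust name "Title Request Portal" and the attribute store name "Active Directory" are assumptions; replace them with your own.

```powershell
# Added example (not from the original article): the two rules expressed in
# ADFS claim rule language and applied with the ADFS PowerShell module.
# Assumptions: the relying party trust is named "Title Request Portal" and
# users are looked up in the "Active Directory" attribute store.
Import-Module ADFS

$rpName = "Title Request Portal"   # assumed relying party trust name

# Rule 1: issue UPN, email address, first name and last name from AD.
# The UPN claim emitted here is the input for rule 2; the other three are
# the claims the auto-provisioning feature reads. The input claim is the
# Windows account name, which only exists for users authenticated against AD.
$ldapRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Profile attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";userPrincipalName,mail,givenName,sn;{0}", param = c.Value);
'@

# Rule 2: transform the UPN claim into a NameID claim with the UPN name ID
# format. This is what the wizard produces for "Transform an Incoming Claim"
# with incoming type UPN, outgoing type Name ID, format UPN, pass through all.
$nameIdRule = @'
@RuleTemplate = "MapClaims"
@RuleName = "UPN and NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "http://schemas.xmlsoap.org/claims/UPN");
'@

# Rules run in order: the LDAP rule that produces the UPN claim must precede
# the transform rule that consumes it, so concatenate them in that order.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($ldapRule + "`n" + $nameIdRule)

# Check: read the rules back from the trust, show them, and warn if the
# NameID transform would run before the rule that issues the UPN.
$applied = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$applied
$nameIdPos = $applied.IndexOf('claims/nameidentifier')
$upnPos    = $applied.IndexOf('query = ";userPrincipalName')
if ($nameIdPos -lt 0 -or $upnPos -lt 0) {
    Write-Warning "One of the expected rules is missing from $rpName."
} elseif ($nameIdPos -lt $upnPos) {
    Write-Warning "NameID transform runs before the rule that issues the UPN; reorder the rules."
}
```

After applying the rules, sign in to the application once and inspect the SAML response (for example with a browser SAML tracing extension): the Subject's NameID should now carry the user's UPN with Format "http://schemas.xmlsoap.org/claims/UPN", and the email, given name and surname attributes should be present in the AttributeStatement.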