Use claims to send LDAP attributes from AD FS to ETP

To redirect users to the AD FS login portal to complete authentication, you also need to configure the LDAP attributes that are sent from AD FS to Akamai Enterprise IdP using claims.

Claims rules control which Active Directory (AD) attributes are returned to the relying party endpoint once a user authenticates.

In this procedure, you match an LDAP attribute to the Name ID outgoing claim type. The LDAP attribute you specify must match the login preference that you specified for the directory in ETP.

How to

  1. Right-click on the relying party (for example, IDP-RPT) and select Edit Claims Issuance Policy...
  2. Click Add Rule...
  3. Select the default Send LDAP Attributes as Claims template. This template allows the IT administrator to use any of the LDAP attributes for claim rules.
    The Add Transform Claim Rule wizard appears.
  4. Complete these fields:
    1. Claim rule name. Enter a custom claim rule name.
    2. Attribute store. Select Active Directory.
    3. Map an LDAP attribute to the Name ID Outgoing Claim Type. The LDAP attribute you select must match the login preference that you specified for the directory in ETP. For example, if you selected User Principal Name for the login preference, select User-Principal-Name.
  5. Click Finish.
  6. Click OK to save in the Edit Claim Rules dialog box.
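The same claim rule can be created from PowerShell on the AD FS server, which is useful for scripting the deployment or verifying what the wizard produced. This is an added example, not part of the Akamai documentation; it assumes the relying party trust is named IDP-RPT (the page's example) and that the directory login preference in ETP is User Principal Name.

```powershell
# Added example (not from the Akamai documentation): PowerShell equivalent of the
# "Send LDAP Attributes as Claims" wizard steps. Assumes the relying party trust is
# named IDP-RPT and that the ETP directory login preference is User Principal Name.
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

$rpName = 'IDP-RPT'

# Pick the LDAP attribute that matches the ETP login preference for the directory.
# Assumption here: UPN. Use 'sAMAccountName' if the directory uses the account name.
$ldapAttribute = 'userPrincipalName'

# Claim rule language as generated by the "Send LDAP Attributes as Claims" template:
# query the Active Directory attribute store for $ldapAttribute and issue the value
# as the Name ID outgoing claim type.
$nameIdRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "ETP Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";$ldapAttribute;{0}", param = c.Value);
"@

# Set-AdfsRelyingPartyTrust replaces the whole issuance rule set, so append the new
# rule to the existing rules instead of overwriting them.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

if ($rp.IssuanceTransformRules -match '@RuleName = "ETP Name ID"') {
    Write-Host "Name ID rule already present on $rpName; nothing to do."
} else {
    $newRules = ($rp.IssuanceTransformRules + "`n" + $nameIdRule).Trim()
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $newRules
}

# Verify: the Name ID rule should now be listed in the trust's issuance transform rules.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

If the directory's login preference in ETP is not UPN, change only `$ldapAttribute`; the Name ID claim type stays the same.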

Next steps

Upload AD FS metadata to ETP IdP