Use claims to send LDAP attributes from AD FS to ETP
Before you begin
Claim rules control which Active Directory (AD) attributes are returned to the relying party endpoint once a user authenticates.
In this procedure, you match an LDAP attribute to the Name ID outgoing claim type. The LDAP attribute you specify must match the login preference that you specified for the directory in ETP.
- Right-click on the relying party (for example, IDP-RPT) and select Edit Claims Issuance Policy...
- Click Add Rule...
- Select the default Send LDAP Attributes as Claims template. This template allows the IT administrator to use any of the LDAP attributes for claim rules. The Add Transform Claim Rule wizard appears.
- Complete these fields:
  - Claim rule name. Enter a custom claim rule name.
  - Attribute store. Select Active Directory.
  - Map an LDAP attribute to the Name ID Outgoing Claim Type. The LDAP attribute you select must match the login preference that you specified for the directory in ETP. For example, if you selected User Principal Name for the login preference, select User-Principal-Name.
- Click Finish.
- Click OK to save in the Edit Claim Rules dialog box.
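The same mapping expressed in AD FS claim rule language and applied with the AD FS PowerShell module, as an added example that is not part of this procedure or of Akamai's documentation. It assumes the relying party is named IDP-RPT as in the example above, that the ETP login preference is User Principal Name (LDAP attribute userPrincipalName), and that it runs on the AD FS server as an AD FS administrator; the rule name is a made-up value.

```powershell
# Added example, not from the ETP documentation.
# The "Send LDAP Attributes as Claims" template produces a rule of this shape
# (@RuleTemplate = "LdapClaims"); it is shown here so the GUI steps can be
# reviewed or reproduced from the command line.
Import-Module ADFS

$rpName = 'IDP-RPT'   # relying party name used in the procedure above (assumed)

# Wizard fields: rule name, attribute store (Active Directory), LDAP attribute -> Name ID.
# "userPrincipalName" is the LDAP name of the User-Principal-Name attribute. If the
# ETP directory login preference is a different attribute, change the query
# segment (for example ";sAMAccountName;{0}" or ";mail;{0}") to match it.
$etpNameIdRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "ETP Name ID from UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# -IssuanceTransformRules replaces the entire rule set for the relying party,
# so read the current rules and append rather than overwrite.
$existing = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules

if ($existing -match 'claims/nameidentifier') {
    # Two Name ID rules on one relying party lead to an ambiguous subject; stop and review.
    Write-Warning "$rpName already issues a Name ID claim; review the existing rules before adding another."
} else {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($existing + "`r`n" + $etpNameIdRule)
}

# Check: list the rules now attached to the relying party and confirm the
# Name ID rule queries the same attribute as the ETP login preference.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

The final Get-AdfsRelyingPartyTrust call is the check to run after the GUI procedure as well: the rule it prints should contain exactly one nameidentifier issuance whose query names the attribute selected in ETP.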