
Creating Claim Rules

By default, the Claim Rule Editor opens once you have created the relying party trust.


To create a new rule:

  1. Click <Add Rule>. The Select Rule Template dialog appears.

  2. Select Send LDAP Attributes as Claims from the Claim rule template drop-down list. The Edit Rule dialog is displayed.

  3. Enter a Claim rule name, for example Rule 1.

  4. Select Active Directory from the Attribute Store drop-down list.

  5. Map the following attributes to the rule:

    • From the first LDAP Attribute column, select SAM-Account-Name.

    • From the first Outgoing Claim Type, select Windows account name.

    • From the second LDAP Attribute column, select E-Mail Address.

    • From the second Outgoing Claim Type, select E-Mail Address.

  6. Click <OK> to save the new rule.

  7. In the Claim Rule Editor, click <Add Rule> to add another rule. The Select Rule Template dialog appears.

  8. Select Transform an Incoming Claim from the Claim Rule Template drop-down list. The Configure Rule dialog appears.

  9. Enter a Claim rule name, for example Rule 2.

  10. Select Active Directory from the Attribute Store drop-down list.

  11. Define the following attributes for the rule:

    • From the Incoming claim type drop-down, select E-Mail Address.

    • From the Outgoing claim type drop-down, select Name ID.

    • From the Outgoing name ID format drop-down, select Email.

  12. Keep Pass through all claim values selected.

  13. Click <Finish> to save the new rule. The rule order should look similar to the following example.

    ADFS_61.png
  14. Click <OK> to complete creating the new rule.
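
The two rules above can also be applied and checked from PowerShell on the AD FS server. The following is an added example, not part of the original page: it expresses Rule 1 and Rule 2 in AD FS claim rule language, applies them, and verifies that the LDAP rule precedes the transform rule (Rule 2 only produces a Name ID if the E-Mail Address claim from Rule 1 already exists). The relying party trust name is a placeholder.

```powershell
# Added example. $rpName is a PLACEHOLDER; replace it with the display name
# of the relying party trust you created.
$rpName = 'PLACEHOLDER-RelyingPartyTrust'

# Claim rule language equivalent of the two rules built in the editor.
# Rule 1: query Active Directory for sAMAccountName and mail.
# Rule 2: re-issue the e-mail claim as Name ID with the Email format.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Rule 1"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName,mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Rule 2"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Note: -IssuanceTransformRules replaces the whole rule set on the trust,
# so any rules already present and not listed above are removed.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Read the stored rules back and confirm both exist in the expected order.
$applied = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$rule1 = [regex]::Match($applied, '@RuleName\s*=\s*"Rule 1"')
$rule2 = [regex]::Match($applied, '@RuleName\s*=\s*"Rule 2"')

if (-not $rule1.Success -or -not $rule2.Success) {
    Write-Warning "One or both rules are missing from '$rpName'."
}
elseif ($rule1.Index -gt $rule2.Index) {
    Write-Warning "Rule 2 is evaluated before Rule 1; no Name ID will be issued."
}
else {
    Write-Output "Rules applied in the expected order on '$rpName'."
}
```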