Issue

Description

Use sAMAccountName as the Name ID policy in the Identity Provider record.

Applicable Versions

All versions.

Procedure

In ServiceNow, make sure the following properties are configured:

  • Multi-Provider SSO > Identity Providers > [Your IdP record] > User Field: user_name
  • Identity Providers > [Your IdP record] > NameID Policy: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  • Multi-Provider SSO > Administration > Properties > The field "User Identification": user_name

In your ADFS, make sure the following Claim Rules are configured:

  • Claim Rule Name: Get LDAP Claims > Mapping of LDAP Attributes > LDAP Attribute: sAMAccountName | Outgoing Claim Type: Name ID
  • Claim Rule Name: Email to Name ID > Incoming claim type: sAMAccountName | Outgoing claim type: Name ID | Outgoing name ID format: Unspecified
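
To confirm that both sides agree after the change, the NameID in a captured, base64-decoded SAML response can be checked against the settings above. The following is an added example, not part of the original article or of ServiceNow or ADFS tooling; the sample response is constructed, the function name is hypothetical, and the check is a diagnostic only (it does not validate the signature).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# NameID Policy configured on the ServiceNow Identity Provider record
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: trimmed, unsigned response for a user "jdoe"
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def check_name_id(response_xml):
    """Return (name_id_value, problems) for a decoded SAML response."""
    root = ET.fromstring(response_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None:
        return None, ["no NameID found in the assertion Subject"]

    value = (node.text or "").strip()
    problems = []

    # An absent Format attribute is treated as "unspecified" by SAML core.
    fmt = node.get("Format")
    if fmt is not None and fmt != EXPECTED_FORMAT:
        problems.append(f"NameID Format is {fmt!r}, expected {EXPECTED_FORMAT!r}")

    # The value is matched against user_name, so it should be a bare
    # sAMAccountName rather than an email/UPN or DOMAIN\user string.
    if not value:
        problems.append("NameID is empty")
    elif "@" in value:
        problems.append("NameID looks like an email or UPN, not a sAMAccountName")
    elif "\\" in value:
        problems.append("NameID carries a DOMAIN\\ prefix, not a bare sAMAccountName")
    return value, problems


if __name__ == "__main__":
    print(check_name_id(SAMPLE_RESPONSE))
```
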

Article Information

Last Updated: 2019-08-02 20:44:02
Published: 2019-05-08