Issue
Use sAMAccountName as the Name ID policy in the Identity Provider record.
Procedure
In ServiceNow, make sure the following properties are configured:
- Multi-Provider SSO > Identity Providers > [Your IdP record] > User Field: user_name
- Identity Providers > [Your IdP record] > NameID Policy: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- Multi-Provider SSO > Administration > Properties > The field "User Identification": user_name
In your ADFS, make sure the following Claim Rules are configured:
- Claim Rule Name: Get LDAP Claims > Mapping of LDAP Attributes > LDAP Attribute: sAMAccountName | Outgoing Claim Type: Name ID
- Claim Rule Name: Email to Name ID > Incoming claim type: sAMAccountName | Outgoing claim type: Name ID | Outgoing name ID format: Unspecified
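
To confirm the two sides agree, the NameID in an assertion captured during a test login can be checked against the settings above. The following is an added example, not ServiceNow or ADFS code; the function names and sample assertions are constructed, and the "@" and backslash checks are heuristics that assume account names contain neither.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# NameID Policy value from the Identity Provider record above.
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def check_name_id(assertion_xml):
    """Return a list of mismatches; an empty list means the NameID fits the setup."""
    # Input is a locally captured test assertion. This does not verify the
    # signature, and ElementTree is not hardened against hostile XML.
    root = ET.fromstring(assertion_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["assertion has no Subject/NameID"]
    problems = []
    # SAML treats a missing Format attribute as "unspecified".
    fmt = name_id.get("Format", EXPECTED_FORMAT)
    if fmt != EXPECTED_FORMAT:
        problems.append("NameID Format is %s, expected %s" % (fmt, EXPECTED_FORMAT))
    value = (name_id.text or "").strip()
    if not value:
        problems.append("NameID is empty")
    elif "@" in value:
        problems.append("NameID %r looks like an email/UPN, not sAMAccountName" % value)
    elif "\\" in value:
        problems.append("NameID %r carries a DOMAIN\\ prefix" % value)
    return problems

def _assertion(fmt, value):
    # Constructed sample assertion, trimmed to the Subject element.
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Subject><saml:NameID Format="%s">%s</saml:NameID></saml:Subject>'
            '</saml:Assertion>' % (fmt, value))

GOOD = _assertion(EXPECTED_FORMAT, "jdoe")
BAD = _assertion("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                 "jdoe@example.com")

if __name__ == "__main__":
    for label, xml in (("good", GOOD), ("bad", BAD)):
        print(label, check_name_id(xml) or "OK")
```

A NameID that fails these checks will not match the user_name field configured as the User Field, so the login falls through even though ADFS authenticated the user.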