Description

Use sAMAccountName as Name ID policy in Identity Provider record.

 

Applicable Versions

All versions. 

 

Procedure

In ServiceNow, make sure the following properties are configured:

• Multi-Provider SSO > Identity Providers > [Your IdP record] > User Field: user_name
• Identity Providers > [Your IdP record] > NameID Policy: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
• Multi-Provider SSO > Administration > Properties > The field "User Identification": user_name 

 

In your ADFS, make sure the following Claim Rules are configured:

• Claim Rule Name: Get LDAP Claims > Mapping of LDAP Attributes > LDAP Attribute: sAMAccountName | Outgoing Claim Type: Name ID
• Claim Rule Name: Email to Name ID > Incoming claim type: sAMAccountName | Outgoing claim type: Name ID | Outgoing name ID format: Unspecified