Use Windows Login as the Name ID

For users in Windows environments, the recommended solution is to use ADFS and Windows account names. Windows logins are required if you intend to automatically create and update user accounts from SAML.

If the Add Transform Claim Rule Wizard is not already open, select CSM Relying Party, select Edit Claim Rules (on the right), and then select Add Rule on the Issuance Transform Rules tab.

To use Windows Login as the Name ID:

  1. For Claim rule template, select Transform an Incoming Claim, and then select Next.
  2. Provide a name for the claim rule (example: Windows account name).
  3. In the Incoming claim type field, select Windows account name.
  4. In the Outgoing claim type field, select Name ID.
  5. In the Outgoing name ID format field, select Kerberos Principal Name.
  6. Select Pass through all claim values.
  7. Select Finish.
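
The same rule can be applied from PowerShell, which makes the change repeatable and easy to review. This is an added example, not taken from the product documentation. It assumes the relying party trust is named CSM Relying Party as on this page, and that the rule text matches what the wizard shows under View Rule Language for the choices in steps 1 to 6; compare the two before relying on it.

```powershell
# Added example: append the "Windows account name -> Name ID" rule to the
# relying party trust. Run in an elevated session on the primary AD FS server.
Import-Module ADFS

$rpName     = 'CSM Relying Party'   # trust name as shown on this page (assumption)
$nameIdType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'

# Claim rule language equivalent of steps 1-6: take the incoming Windows account
# name claim, pass its value through unchanged, and issue it as Name ID with the
# Kerberos Principal Name format.
$rule = @'
@RuleTemplate = "MapClaims"
@RuleName = "Windows account name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos");
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

$existing = $rp.IssuanceTransformRules

if ($existing -and $existing.Contains($nameIdType)) {
    # A second Name ID rule would issue a competing Name ID claim; stop and review.
    Write-Warning "A rule on '$rpName' already issues Name ID. No change made."
}
else {
    # -IssuanceTransformRules replaces the whole rule set, so write back the
    # existing rules followed by the new one.
    $combined = if ($existing) { "$existing`r`n$rule" } else { $rule }
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined
}

# Show the resulting rule set for review.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Because the rule passes the claim value through unchanged, the Name ID sent to the service provider is the Windows account name in `DOMAIN\user` form.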