Example: Configure claims mapping for Office 365

The following steps provide an example of how to configure basic claims mapping for Microsoft Office 365. Your organization may have different claims mapping requirements.
  1. In the AD FS manager, click Edit Claim Rules for the Enterprise Identity claims provider that you have configured.
  2. Click Add rule > Send claims using a custom rule.
  3. In the Select Rule template window, in the Claim Rule Template drop-down list, select Send Claims Using a Custom Rule. Click Next.
  4. In the Configure Rule window, in the Claim rule name field, type Pass all claims.
  5. In the Custom rule pane, enter the following:
    c:[] => issue(claim = c);
  6. Click Finish.
  7. In the Configure Rule window, in the Claim rule name field, type Transform UPN.
  8. In the Custom rule pane, enter the following:
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(Type = "http://schemas.xmlsoap.org/claims/UPN", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = regexreplace(c.Value, "^(?<user>.*)$", "${user}<domain_suffix_for_your_users>"), ValueType = c.ValueType);
    Where the domain suffix is the email domain for users (for example "${user}@example.com").
  9. Click Finish.
  10. In the UEM management console, click Settings > BlackBerry Enterprise Identity > Services.
  11. In the SAML Service table, click the ADFS service that you created.
  12. Under Claims, in the Name identifier attribute drop-down list, select Immutable ID.
  13. In the SAML claim attributes table, click the Add icon. Do the following:
    1. In the Name field, type Username.
    2. Under SAML attribute, select http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
    3. Set the SAML claim type to Local.
    4. Set the attribute value to the name that you entered for the claim attribute (for example, Username).
    5. Set the attribute value to anyType.
    6. Click Save.
  14. In the SAML claim attributes table, click the Add icon. Do the following:
    1. In the Name field, type UPN.
    2. Under SAML attribute, select http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn.
    3. Set the SAML claim type to Local.
    4. Set the attribute value to the name that you entered for the claim attribute (for example, UPN).
    5. Set the attribute value to anyType.
    6. Click Save.
  15. In the SAML claim attributes table, click the Add icon. Do the following:
    1. In the Name field, type ImmutableID.
    2. Under SAML attribute, select http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID.
    3. Set the SAML claim type to Local.
    4. Set the attribute value to the name that you entered for the claim attribute (for example, ImmutableID).
    5. Set the attribute value to anyType.
  16. Click Save.
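
The Transform UPN rule in step 8 appends the suffix to the entire incoming value, so a value that already carries a domain, or an empty value, yields a malformed UPN. The following added example (not part of the original procedure or of any vendor tooling) replays the rule's pattern over constructed sample values before deployment; the function name Test-UpnTransform is hypothetical, and it assumes AD FS regexreplace behaves like .NET Regex.Replace.

```powershell
# Added example: sample values are constructed, not taken from a real directory.
# Assumption: AD FS regexreplace behaves like .NET Regex.Replace.
function Test-UpnTransform {
    param(
        [string[]]$IncomingUpn,
        [string]$Suffix = '@example.com'   # the page's sample suffix
    )
    # Pattern copied from the Transform UPN rule in step 8.
    $pattern = '^(?<user>.*)$'
    # Single quotes keep ${user} literal so the regex engine expands it.
    $replacement = '${user}' + $Suffix

    foreach ($value in $IncomingUpn) {
        $issued = [regex]::Replace($value, $pattern, $replacement)
        # A usable UPN has exactly one "@", a non-empty local part,
        # and ends with the expected suffix.
        $wellFormed = ($issued -match '^[^@\s]+@[^@\s]+$') -and
                      $issued.EndsWith($Suffix, [System.StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Incoming   = $value
            Issued     = $issued
            WellFormed = $wellFormed
        }
    }
}

# Constructed inputs: a bare account name, a value that already has a domain,
# and an empty value.
$samples = 'jdoe', 'jdoe@corp.example.net', ''
Test-UpnTransform -IncomingUpn $samples | Format-Table -AutoSize
```

Rows where WellFormed is False identify incoming UPN values that the rule as written would turn into an unusable UPN claim.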