Example: Configure claims mapping for Office 365

The following steps provide an example of how to configure basic claims mapping for Microsoft 365. Your organization may have different claims mapping requirements.
  1. In the AD FS manager, click Edit Claim Rules for the Enterprise Identity claims provider that you have configured.
  2. Click Add rule > Send Claims Using a Custom Rule.
  3. In the Select Rule template window, in the Claim Rule Template drop-down list, select Send Claims Using a Custom Rule. Click Next.
  4. In the Configure Rule window, in the Claim rule name field, type Pass all claims.
  5. In the Custom rule pane, enter the following:
    c:[] => issue(claim = c);
  6. Click Finish.
  7. In the Configure Rule window, in the Claim rule name field, type Transform UPN.
  8. In the Custom rule pane, enter the following:
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(Type = "http://schemas.xmlsoap.org/claims/UPN", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = regexreplace(c.Value, "^(?<user>.*)$", "${user}<domain_suffix_for_your_users>"), ValueType = c.ValueType);
    Where the domain suffix is the email domain for users (for example, "${user}@example.com").
  9. Click Finish.
  10. In the UEM management console, click Settings > BlackBerry Enterprise Identity > Services.
  11. In the SAML Service table, click the ADFS service that you created.
  12. Under Claims, in the Name identifier attribute drop-down list, select Immutable ID.
  13. In the SAML claim attributes table, click the Add icon. Do the following:
    1. In the Name field, type Username.
    2. Under SAML attribute, select http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
    3. Set the SAML claim type to Local.
    4. Set the attribute value to the name that you entered for the claim attribute (for example, Username).
    5. Set the attribute value to anyType.
    6. Click Save.
  14. In the SAML claim attributes table, click the Add icon. Do the following:
    1. In the Name field, type UPN.
    2. Under SAML attribute, select http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn.
    3. Set the SAML claim type to Local.
    4. Set the attribute value to the name that you entered for the claim attribute (for example, UPN).
    5. Set the attribute value to anyType.
    6. Click Save.
  15. In the SAML claim attributes table, click the Add icon. Do the following:
    1. In the Name field, type ImmutableID.
    2. Under SAML attribute, select http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID.
    3. Set the SAML claim type to Local.
    4. Set the attribute value to the name that you entered for the claim attribute (for example, ImmutableID).
    5. Set the attribute value to anyType.
  16. Click Save.
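
The following PowerShell sketch is an added example, not part of the vendor procedure. It models the two custom rules from steps 5 and 8 on constructed claims so you can check what they issue before deploying them. PowerShell's [regex]::Replace accepts the same named-group pattern and ${user} replacement string that the rule uses. The function name Invoke-ClaimRules and the sample values are assumptions; '@example.com' is the sample suffix from step 8.

```powershell
# Added example (not vendor code): models the "Pass all claims" and "Transform UPN" rules.
# Invoke-ClaimRules and the sample claim values are constructed for illustration.
$UpnIn  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
$UpnOut = 'http://schemas.xmlsoap.org/claims/UPN'

function Invoke-ClaimRules {
    param(
        [Parameter(Mandatory)] [object[]] $Claims,
        [Parameter(Mandatory)] [string]   $DomainSuffix   # stands in for <domain_suffix_for_your_users>
    )
    # Rule "Pass all claims": c:[] => issue(claim = c); every incoming claim is issued unchanged.
    foreach ($c in $Claims) { $c }

    # Rule "Transform UPN": same pattern and replacement string as the regexreplace call.
    foreach ($c in $Claims) {
        if ($c.Type -ceq $UpnIn) {
            [pscustomobject]@{
                Type  = $UpnOut
                Value = [regex]::Replace($c.Value, '^(?<user>.*)$', ('${user}' + $DomainSuffix))
            }
        }
    }
}

# Constructed inputs: a bare account name and a value that already carries a domain.
foreach ($value in 'alice', 'bob@corp.example') {
    $incoming = @([pscustomobject]@{ Type = $UpnIn; Value = $value })
    $issued   = @(Invoke-ClaimRules -Claims $incoming -DomainSuffix '@example.com')
    $upn      = ($issued | Where-Object { $_.Type -ceq $UpnOut }).Value

    [pscustomobject]@{
        Incoming     = $value
        IssuedUPN    = $upn
        ClaimsIssued = $issued.Count
        # More than one '@' means the suffix was appended to an already-qualified name.
        NeedsReview  = ([regex]::Matches($upn, '@').Count -ne 1)
    }
}
```

Because the pattern captures the entire incoming value, the suffix is appended to whatever the claims provider sends, and the pass-through rule still issues the original UPN claim alongside the transformed one.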