Set the issuance transform rules for AD FS 4.0
- On the Active Directory Federation Services server, download the Workspaces SAML metadata from https://<workspaces.server.address>/saml-idp/saml/metadata.
- ClickStart > AD FS Manager.
- In the left-hand menu, clickRelying Party Trust.
- In the Relying Party Trust Wizard, clickAdd Relying Party Trust.
- Select theClaims Awareoption.
- In the Select Data Source section, select theImport data about the relying party from a fileoption.
- ClickBrowseand navigate to the metadata.xml from step 1.
- ClickNext.
- Type a Display name, such as BlackBerry Workspaces, and clickNext.
- In the Choose Access Control Policy section, selectI do not want to configure access policies at this time. No user will be permitted access for this applicationor adjust to match your organization's policy and clickNext.
- Leave the options in the Ready to Add Trust section at the default values and clickNext.
- In the Finish section, select theConfigure claims issuance policy for this applicationoption and clickClose.
- In the Edit Claim Issuance Policy dialog box, clickAdd Rule.
- In theClaim rule templatelist, selectSend LDAP Attribute as Claims.
- In theClaim Rule Namefield, typeGet LDAP Attributes.
- In theMapping of LDAP attributes to outgoing claim typestable, configure the following LDAP attributes.
- User-Principal-Name = Name ID
- Display-Name = Given Name
- ClickOK.