Set the issuance transform rules for AD FS 4.0

  1. On the Active Directory Federation Services server, download the Workspaces SAML metadata from https://<workspaces.server.address>/saml-idp/saml/metadata.
  2. Click Start > AD FS Manager.
  3. In the left-hand menu, click Relying Party Trust.
  4. In the Relying Party Trust Wizard, click Add Relying Party Trust.
  5. Select the Claims Aware option.
  6. In the Select Data Source section, select the Import data about the relying party from a file option.
  7. Click Browse and navigate to the metadata.xml from step 1.
  8. Click Next.
  9. Type a Display name, such as BlackBerry Workspaces, and click Next.
  10. In the Choose Access Control Policy section, select I do not want to configure access policies at this time. No user will be permitted access for this application, or adjust to match your organization's policy, and click Next.
  11. Leave the options in the Ready to Add Trust section at the default values and click Next.
  12. In the Finish section, select the Configure claims issuance policy for this application option and click Close.
  13. In the Edit Claim Issuance Policy dialog box, click Add Rule.
  14. In the Claim rule template list, select Send LDAP Attribute as Claims.
  15. In the Claim Rule Name field, type Get LDAP Attributes.
  16. In the Mapping of LDAP attributes to outgoing claim types table, configure the following LDAP attributes.
    • User-Principal-Name = Name ID
    • Display-Name = Given Name
  17. Click OK.
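
The same trust and claim rule can be created from PowerShell, which makes the configuration repeatable and easy to review afterwards. This is an added example, not part of the original procedure; the file path C:\Temp\metadata.xml is an assumption, and the claim rule text is the standard claim rule language form of the two LDAP mappings in step 16.

```powershell
# Run in an elevated PowerShell session on the AD FS server.
# Assumption: metadata.xml from step 1 was saved to C:\Temp (path chosen for this example).
$metadataFile = 'C:\Temp\metadata.xml'
$trustName    = 'BlackBerry Workspaces'

if (-not (Test-Path -Path $metadataFile)) {
    throw "Metadata file not found: $metadataFile"
}

# Steps 3-12: create the relying party trust from the downloaded metadata file.
# No access control policy is assigned here; set one to match your organization's policy.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataFile $metadataFile

# Steps 13-17: the "Get LDAP Attributes" rule written in claim rule language.
# User-Principal-Name -> Name ID, Display-Name -> Given Name.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
          query = ";userPrincipalName,displayName;{0}",
          param = c.Value);
'@
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceTransformRules $rules

# Review what was stored: identifier from the metadata, access policy, and the issued claims.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Format-List Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules
```

In the output, confirm that Identifier matches the entity ID in the Workspaces metadata and that IssuanceTransformRules contains only the two claim types listed in step 16.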