
Set the issuance transform rules for AD FS 4.0

  1. On the Active Directory Federation Services server, download the Workspaces SAML metadata from https://<workspaces.server.address>/saml-idp/saml/metadata.
  2. Click Start > AD FS Manager.
  3. In the left-hand menu, click Relying Party Trust.
  4. In the Relying Party Trust Wizard, click Add Relying Party Trust.
  5. Select the Claims Aware option.
  6. In the Select Data Source section, select the Import data about the relying party from a file option.
  7. Click Browse and navigate to the metadata.xml from step 1.
  8. Click Next.
  9. Type a Display name, such as BlackBerry Workspaces, and click Next.
  10. In the Choose Access Control Policy section, select "I do not want to configure access policies at this time. No user will be permitted access for this application", or adjust to match your organization's policy, and click Next.
  11. Leave the options in the Ready to Add Trust section at the default values and click Next.
  12. In the Finish section, select the Configure claims issuance policy for this application option and click Close.
  13. In the Edit Claim Issuance Policy dialog box, click Add Rule.
  14. In the Claim rule template list, select Send LDAP Attribute as Claims.
  15. In the Claim Rule Name field, type Get LDAP Attributes.
  16. In the Mapping of LDAP attributes to outgoing claim types table, configure the following LDAP attributes:
    • User-Principal-Name = Name ID
    • Display-Name = Given Name
  17. Click OK.
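
The same procedure can be scripted with the AD FS PowerShell cmdlets, which makes the resulting trust and claim rule easy to review and reproduce. The script below is an added example, not part of the original BlackBerry documentation; the host placeholder, the local path C:\Temp\metadata.xml and the variable names are assumptions.

```powershell
# Added example: scripted equivalent of steps 1-17.
# Run in an elevated PowerShell session on the AD FS server.
# Assumed values: the host placeholder, the local file path, the variable names.
$WorkspacesHost = '<workspaces.server.address>'   # placeholder from step 1, replace it
$MetadataPath   = 'C:\Temp\metadata.xml'          # assumed download location
$TrustName      = 'BlackBerry Workspaces'         # display name from step 9

# Step 1: download the Workspaces SAML metadata over HTTPS.
Invoke-WebRequest -Uri "https://$WorkspacesHost/saml-idp/saml/metadata" -OutFile $MetadataPath

# Check the entity ID in the file before AD FS is told to trust it.
[xml]$Metadata = Get-Content -Path $MetadataPath -Raw
Write-Output "Entity ID in metadata: $($Metadata.DocumentElement.GetAttribute('entityID'))"

# Steps 2-12: create the claims-aware relying party trust from the metadata file.
# No -AccessControlPolicyName is passed, mirroring the wizard choice in step 10;
# assign a policy that matches your organization's requirements.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataPath

# Steps 13-17: the "Send LDAP Attributes as Claims" rule in claim rule language.
#   User-Principal-Name (userPrincipalName) -> Name ID
#   Display-Name        (displayName)       -> Given Name
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
    query = ";userPrincipalName,displayName;{0}", param = c.Value);
'@
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $Rules

# Verify what was stored: identifier, enabled state and the issuance rule.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules
```

The final Get-AdfsRelyingPartyTrust output should list a single rule named Get LDAP Attributes and an Identifier that matches the entity ID printed earlier.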