ADFS Email address in Name ID

Robbie Garrett 1 Reputation point
2022-01-21T20:57:57.557+00:00

Hey all.

I have been spinning my wheels on this one when trying to get ADFS to integrate with an OKTA setup.

Our ADFS server is running 2016, so I believe it's v2.

When I try to use Email Address or AD FS 1.x E-Mail Address, the NAME ID is not shown in the SAML. If I use something like IP address or inside network, I see NAME ID.

However, I can do an Attribute store pull from AD with the Email address of the user without issue.

Microsoft Security Active Directory Federation Services
Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
    2022-01-25T20:22:20.627+00:00

    AD FS on Windows Server 2016 is commonly referred to as ADFS v4.

    If what you need to do is send the actual user's email address as a Name ID of Email type to a relying party, you can use the following mapping:

    1. Extract the email address of the user and map it as the E-Mail Address claim with the rule wizard Send LDAP Attributes as Claims:
       [image: 168469-image.png]
    2. Then you can map the Name ID with a Transform an Incoming Claim rule:
       [image: 168474-image.png]
       You can also pick another format there according to your application's requirements.

    (the rules need to be in this order)

    Of course, that will work only if the user actually has a mail attribute. If you want to send the userPrincipalName (UPN) as an Email Name ID type too.

