Microsoft Active Directory Federation Services (ADFS) and Azure Active Directory SAML assertion to Verify credential token mapping
ADFS and Azure are the most commonly used SAML Enterprise identity sources. The following sections provide configuration details such as how to map the user's identity and attributes between an incoming SAML assertion and a Verify credential token.
| Verify standard attribute name | Azure SAML assertion attribute name | ADFS SAML assertion attribute name |
|---|---|---|
preferred_username |
subjectNameID |
subjectNameID |
given_name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
family_name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
name, displayName |
http://schemas.microsoft.com/identity/claims/displayname |
Not applicable |
email, emailAddress |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
groupIds |
http://schemas.microsoft.com/ws/2008/06/identity/claims/role |
http://schemas.xmlsoap.org/claims/Group |
employee_id |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid |
http://schemas.microsoft.com/identity/claims/ |
realmName |
realmName
Note: If the
realmName attribute is not specified in the SAML assertion, it is derived from the
<saml:Issuer>. |
realmName
Note: If the
realmName attribute is not specified in the SAML assertion, it is derived from the
<saml:Issuer>. |
mobile_number |
mobile_number |
mobile_number |
work_number |
work_number |
work_number |
employee_id |
|
|
department |
department |
department |
job_title |
job_title |
job_title |