Banks connecting PrecisionLender to an internal ADFS Identity Provider may need to create a Claim Rule mapping as follows:
- Open up ADFS 2.0.
- Trust Relationships > Relying Party Trusts. Right click on the Relying Party > Edit Claim Rules… > Add Rule…
- In the Select Rule Template dialog > Claim rule template list, select “Transform an Incoming Claim”, and hit Next.
- Enter a Claim rule name. In the Incoming claim type list, select Windows account name.
- Claim name = User Account Name (this is free-form text)
- Incoming claim type = Email Address
- Incoming name ID format = Unspecified (grayed out and can't be changed)
- Outgoing claim type = Name ID
- Outgoing name ID format = Email
- Choose the option "Pass through all claim values"
- Click on View Rule Language and you should see something like this:
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
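
A scripted equivalent of the steps above, as an added example (not code from the original page or from PrecisionLender). It assumes the relying party trust's display name is "PrecisionLender", that an earlier rule already issues the E-Mail Address claim, and that the incoming claim type is Email Address as in the field list above.

```powershell
# Run in an elevated PowerShell session on the primary ADFS server.
# Assumption: display name of the relying party trust as shown in the ADFS console.
$rpName = "PrecisionLender"

# ADFS 2.0 ships its cmdlets as a snap-in; later versions load an ADFS module instead.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Rule text the "Transform an Incoming Claim" template produces for
# Email Address -> Name ID (format Email), passing all values through.
$rule = @'
@RuleName = "User Account Name"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
    Value = c.Value, ValueType = c.ValueType,
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

$rp = Get-ADFSRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# -IssuanceTransformRules replaces the entire rule set, so append to the
# existing rules instead of overwriting them, and skip if already present.
if ($rp.IssuanceTransformRules -notmatch 'nameid-format:emailAddress') {
    $combined = $rp.IssuanceTransformRules + "`r`n" + $rule
    Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined
}

# Print the resulting rule set to confirm the Name ID rule is in place.
(Get-ADFSRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```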
Reference article from PingOne: