Setting up ADFS Claim Rule for PrecisionLender Single Sign-On

Banks connecting PrecisionLender to an internal ADFS Identity Provider may need to create a Claim Rule mapping as follows: 

  1. Open up ADFS 2.0.
  2. Trust Relationships > Relying Party Trusts. Right click on the Relying Party > Edit Claim Rules… > Add Rule…

Shows add rule pop-up window

  3. In the Select Rule Template dialog > Claim rule template list, select “Transform an Incoming Claim”, and hit Next.

Shows drop-down menu with Transform an Incoming Claim option selected

  4. Enter a Claim rule name. In the Incoming claim type list, select Windows account name.
  5. Claim name = User Account Name (this is free-form text)
    1. Incoming claim type = Email Address
    2. Incoming name ID format = Unspecified (grayed out and can't be changed)
    3. Outgoing claim type = Name ID
    4. Outgoing name ID format = Email
    5. Choose the option "Pass through all claim values"
  6. Click on View Rule Language and you should see something like this: 
    Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
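
The same rule applied and checked from PowerShell instead of the dialog, as an added example that is not part of the original article or any PrecisionLender tooling. The relying party name 'PrecisionLender' and the full rule text are assumptions reconstructed from the settings listed above; compare the rule against what View Rule Language shows on your server before using it.

```powershell
# Added example. Assumption: the relying party trust is named 'PrecisionLender';
# substitute the display name shown under Relying Party Trusts.
# On AD FS 2.0, load the cmdlets first: Add-PSSnapin Microsoft.Adfs.PowerShell
$rpName      = 'PrecisionLender'
$emailFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

# Email Address in, Name ID out, all values passed through, format set to Email.
$rule = @"
@RuleName = "User Account Name"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "$emailFormat");
"@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# -IssuanceTransformRules replaces the whole rule set, so append to the rules
# already on the trust, and skip the write if the email-format rule exists.
$existing = [string]$rp.IssuanceTransformRules
if ($existing.Contains($emailFormat)) {
    Write-Output 'Name ID email-format rule already present; nothing changed.'
} else {
    Set-AdfsRelyingPartyTrust -TargetName $rpName `
        -IssuanceTransformRules ($existing + "`n" + $rule)
}

# Read the rules back and confirm the Format URN matches the one above.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

Because the Name ID value is passed through from the Email Address claim, the relying party only receives a Name ID for users whose Email Address claim is actually issued earlier in the rule set.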

 

Reference article from PingOne: