Configuring an ADFS claim rule for SSO

Authenticating an SSO-enabled Skytap user with Active Directory Federation Services (ADFS) requires a properly configured claim rule in ADFS. If the rule is not properly created, the following error displays when the user attempts to sign in using SSO:

[Image: ADFS error]

To correctly configure the claim rule using Microsoft ADFS Server:
  1. Under Relying Party Trusts, click Skytap/PingOne Connection. (This should have been previously created using the “pingone-metadata-sp.xml” file provided by support.)
  2. Under Actions, click Edit Claim Rules to view the list of rules for the Skytap/PingOne Relying Party Trust Connection.
  3. On the Issuance Transform Rules tab, click Edit Rule to correct an existing claim rule. If none exists, click Add Rule to add a new one.
  4. Edit or create a claim rule mapping the user-principal-name to the NameID outgoing claim type.
  5. Click OK to save the new claim rule.
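
The same check and rule can be applied from PowerShell on the ADFS server. This is an added example, not part of the original procedure; it assumes the ADFS PowerShell module is available (Windows Server 2012 or later), that the trust's display name is exactly "Skytap/PingOne Connection", and the rule name "UPN to NameID" is an illustrative choice.

```powershell
# Added example: run in an elevated PowerShell session on the primary ADFS server.
Import-Module ADFS

# Display name of the relying party trust from step 1 (assumed to match exactly).
$rpName     = 'Skytap/PingOne Connection'
$nameIdType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'

# Claim rule language equivalent of a "Send LDAP Attributes as Claims" rule that
# maps User-Principal-Name to the Name ID outgoing claim type (step 4).
# The rule name is an illustrative choice.
$upnToNameId = @'
@RuleName = "UPN to NameID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# Print the current rules so an existing, incorrect NameID rule can be reviewed.
$current = $rp.IssuanceTransformRules
Write-Output "Current issuance transform rules:"
Write-Output $current

if ($current -and ($current -like "*$nameIdType*")) {
    # A rule already issues NameID. Do not add a second one; check that its
    # source attribute is the UPN and correct it if it is not.
    Write-Output 'A NameID rule already exists; review it against step 4.'
}
else {
    # -IssuanceTransformRules replaces the whole rule set, so append the new
    # rule to the existing text instead of passing it alone.
    $newRules = (@($current, $upnToNameId) | Where-Object { $_ }) -join "`r`n"
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $newRules

    # Read the rules back to confirm what the trust will now issue.
    (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
}
```

Because the NameID value is the identity asserted to the service provider, confirm after the change that it is the only rule on this trust issuing that claim type.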