<How to> Using Claims rules to create user in ADFS
Hi, I've configured an ADFS with my Salesforce. Now I am trying to do something like create an account in my AD, which will then auto-create a user in my Salesforce. This is my configuration:
Under my Relying Party Trusts claims rule:
1. Send UDP as Name ID (with this rule I can log in with an existing AD user)
Then I create another rule:
Order 2
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("User.Username", "User.Email", "User.LastName"), query = ";mail,mail,sn;{0}", param = c.Value);
I am trying to log in to Salesforce with a new AD account, hopefully it will create a user in my Salesforce, say newuser@domain.com, but I keep getting an error:
Subject: newuser@domain.com
Unable to map the subject to a Salesforce.com user
What am I missing here? Please help.
I found the solution already, in case anyone is having problems setting claim rules in ADFS. This is what I set to auto-create a user in Salesforce:
Send Email Address as User Email
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("User.Email"), query = ";userPrincipalName;{0}", param = c.Value);
Send Surname as User.LastName
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("User.LastName"), query = ";sn;{0}", param = c.Value);
Send UPN as User.Username
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("User.username"), query = ";userPrincipalName;{0}", param = c.Value);
Send ProfileID
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(Type = "User.ProfileID", Value = "00e90000001AmzL", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
Thanks.
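One way to check a decoded assertion from a test login against the four attributes the rules above issue, as an added example that is not part of the original post. The sample assertion is constructed, the function names are hypothetical, and comparing attribute names case-insensitively is an assumption made here because the rule above issues "User.username" under the title "User.Username".

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names issued by the four claim rules in the post above.
REQUIRED = ("User.Username", "User.Email", "User.LastName", "User.ProfileID")

# Constructed sample: LastName has no value and ProfileID was never issued.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>newuser@domain.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="User.Email"><saml:AttributeValue>newuser@domain.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.username"><saml:AttributeValue>newuser@domain.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.LastName"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def collect_attributes(assertion_xml):
    """Return {lower-cased attribute name: [non-empty values]}."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        # Assumption: names are compared case-insensitively (see lead-in).
        key = attr.get("Name", "").lower()
        found.setdefault(key, []).extend(v for v in values if v)
    return found


def check_jit_attributes(assertion_xml, required=REQUIRED):
    """Return {attribute name: problem} for each required attribute not usable."""
    found = collect_attributes(assertion_xml)
    problems = {}
    for name in required:
        values = found.get(name.lower())
        if values is None:
            problems[name] = "missing"
        elif not values:
            problems[name] = "present but empty"
    return problems


if __name__ == "__main__":
    for name, problem in check_jit_attributes(SAMPLE).items():
        print(f"{name}: {problem}")
```

This only inspects the attribute statement; it does not verify the assertion's signature and is meant for assertions captured from your own test logins.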
All Answers
Hello,
Please check if the IP address of the machine from which you are logging in through ADFS to Salesforce is within the Profile's Login IP Ranges.