In a corporate environment, we use the ARIS application deployed on our own infrastructure. We would like to extend its usage within the organization, but for that, we intend to utilize SAML-based Single Sign-On (SSO). The unique identifier in multiple domain environments is the email address.
/t/example-of-configuring-microsoft-active-directory-federation-services-3-0-to-connect-to-software-ag-cloud-as-the-saml-identity-provider/237397 - It was very helpful assistance.
Based on the documentation, we were able to configure it successfully, but we would like to use an email address instead of a username. If we return an email address in the Name ID claim, it complains about the format.
How can we make the value of the username an email address?
Zoltan - For ours to work with Azure AD, under the Advanced settings screen, we had to set the “Authentication context comparison” option to “exact” and our “NameID format” is set to “emailAddress”.
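
To see which NameID Format the identity provider actually sends before changing settings on either side, the following added example (not part of the original posts and not ARIS or AD FS code) inspects a captured SAMLResponse. It assumes the HTTP-POST binding (plain base64), an unencrypted assertion, and that the "emailAddress" setting corresponds to the standard SAML emailAddress format URI; the function and sample names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
# Assumption: this is the format the SP's "emailAddress" setting expects.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def nameid_problems(saml_response_b64, expected_format=EMAIL_FORMAT):
    """Return a list of NameID mismatches in a base64 (HTTP-POST) SAMLResponse.

    Diagnostic only: the signature is NOT verified, so never use this
    to make an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["assertion has no Subject/NameID (is it encrypted?)"]
    problems = []
    fmt = name_id.get("Format")
    if fmt != expected_format:
        problems.append(f"NameID Format is {fmt!r}, SP expects {expected_format!r}")
    value = (name_id.text or "").strip()
    local, at, domain = value.partition("@")
    if not (local and at and "." in domain):
        problems.append(f"NameID value {value!r} is not an email address")
    return problems


def _response(nameid_xml):
    # Constructed sample response, trimmed to the elements the check reads.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>" + nameid_xml +
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed inputs: an email value sent without the emailAddress format,
# and the same value sent with the format the SP is configured for.
MISMATCH = _response("<saml:NameID>user@example.com</saml:NameID>")
MATCH = _response(f'<saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>')

if __name__ == "__main__":
    for label, msg in (("mismatch", MISMATCH), ("match", MATCH)):
        print(label, nameid_problems(msg) or "OK")
```
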