After creating a SAML app, create a relying party trust in the Active Directory Federated Service (AD FS) Management console.
In the AD FS Management console, from the left navigation pane, navigate to AD FS > Trust Relationships.
Right-click Relying Party Trusts, and then click Add Relying Party Trust.
The Welcome page of the Add Relying Party Trust Wizard window appears.
On the Select Data Source page, click Import data about the relying party from a file.
In the Federation metadata file location box, browse to the location of the SP metadata that you placed on the AD FS machine.
Continue to go through the wizard, referring to Microsoft documentation to configure additional features such as multi-factor authentication and issuance authorization rules.
After you complete the wizard, click Close.
The Edit Claim Rules dialog box appears.
On the Issuance Transform Rules tab, click Add Rule.
The Select Rule Template page of the Add Transform Claim Rule Wizard window appears.
From the Claim rule template list, click Send LDAP Attributes as Claims.
The Configure Rule page appears.
In the Claim rule name box, enter a name for the rule.
From the Attribute store list, click Active Directory.
In the Mapping of LDAP attributes to outgoing claim types table, add the LDAP attribute and the outgoing claim type:
From the LDAP Attribute list, select User Principal Name or Email Addresses.
From the Outgoing Claim Type list, select Name ID.
Note: For Active Directory users who log on using SAML, the user name, fullname, GUID, usergroups, email, and UPN is extracted from the Active Directory that is configured in the Commvault software. Therefore, creating the E-mail-Address (or) User Principal Name claim configuration is sufficient.
After the user is authenticated at IDP, AD FS sends user details in the following format:
Click Finish, and then click OK.