The LDAP Binary Attribute Encoding Types window appears when at least one attribute is configured as such in the datastore. Because you cannot use binary attribute data in an assertion to the service provider (SP), you must specify the encoding type that you want to apply during fulfillment. The available choices are Base64, Hex, and SID.


Defining encoding for binary attributes is only applicable to identity provider (IdP) and IdP-to-SP bridging use cases.

  1. To set an encoding type, select a value from the Attribute Encoding Type list.

    Repeat this step for each binary attribute.


Microsoft Office 365 relies on an immutable Active Directory binary attribute associated with user accounts (objectGUID), and requires this binary data to be Base64-encoded to correlate provisioned federated user data to Active Directory accounts. Select Base64 from the Attribute Encoding Type list.

Claims-based authentication with Microsoft Outlook Web App and Exchange admin center (EAC) requires tokenGroups (another binary attribute in Active Directory) to be SID-encoded. Select SID from the Attribute Encoding Type list.