1. On the Authentication Source Mapping tab, click Map New Adapter Instance.
  2. On the Adapter instance tab, in the Adapter Instance list, select the HTML Form Adapter instance that you created in Configuring an IdP adapter. Click Next.
  3. On the Virtual Server IDs tab, if you have a single domain, click Next.
  4. If you configured virtual server IDs on the General Info tab of the connection and have a separate HTML Form Adapter instance for each subdomain:
    1. Select the Restrict Virtual Server IDs check box.
    2. Select the check box for the virtual server ID that represents the subdomain associated with this HTML Form Adapter instance.
    3. Click Next.
  5. If you configured virtual server IDs on the General Info tab of the connection and use a single HTML Form Adapter instance for all subdomains:
    1. Leave the Restrict Virtual Server IDs check box unselected. Click Next.
    2. (Recommended) When you reach the Issuance Criteria tab later in the setup process, create an OGNL expression to protect against unauthorized access.
  6. On the Mapping Method tab, select Retrieve additional attributes from multiple data stores using one mapping. Click Next.
  7. On the Attribute Sources & User Lookup tab, complete the steps in Configuring attribute source and user lookup for HTML Form Adapter instances, and then click Next.
  8. On the Attribute Contract Fulfillment tab, create the following mappings, and then click Next.

    | Attribute Contract | Source | Value |
    |---|---|---|
    | ImmutableID | LDAP (<Your datastore>) | objectGUID |
    | SAML_SUBJECT | LDAP (<Your datastore>) | objectGUID |
    | UPN | LDAP (<Your datastore>) | userPrincipalName |
    | SAML_NAME_FORMAT | Text | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |

  9. If you use a single HTML Form Adapter instance for users in multiple subdomains, on the Issuance Criteria tab, create an OGNL expression to verify the virtual server ID and other conditions, such as group membership.
    Note: For help with OGNL expressions, see Defining issuance criteria for IdP Browser SSO, Enabling and disabling expressions and Constructing OGNL expressions in the PingFederate documentation.

  10. Click Next.
  11. On the Summary tab, click Done.
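
The decision that the issuance criterion in step 9 has to make, modelled in Python as an added illustration (it is not OGNL and not PingFederate code). The policy table, the group DNs, the function names, and the assumption that each virtual server ID corresponds to one UPN suffix are all hypothetical. The point is to show the checks a shared adapter instance needs before a token is issued: exact matching and failing closed.

```python
# Added illustration: a Python model of the decision an issuance criterion
# would make. Not OGNL and not PingFederate code; all names are hypothetical.

# Constructed sample policy: virtual server ID -> (UPN suffix, required group DN)
POLICY = {
    "emea.example.com": ("emea.example.com",
                         "CN=O365-EMEA,OU=Groups,DC=example,DC=com"),
    "apac.example.com": ("apac.example.com",
                         "CN=O365-APAC,OU=Groups,DC=example,DC=com"),
}


def _norm_dn(dn):
    """Normalise a DN for comparison: trim each RDN and lower-case it.

    Naive split on ","; does not handle escaped commas inside RDN values.
    """
    return ",".join(part.strip().lower() for part in dn.split(","))


def may_issue(virtual_server_id, upn, member_of):
    """Return True only if the user belongs to the subdomain being served.

    virtual_server_id: issuer ID the request arrived on
    upn:               userPrincipalName from the directory lookup
    member_of:         list of group DNs (may be None if the user has none)
    """
    rule = POLICY.get((virtual_server_id or "").lower())
    if rule is None:
        return False  # unknown or missing virtual server ID: fail closed
    suffix, group_dn = rule

    # Compare the whole UPN suffix. A substring or endswith() test would
    # accept "user@evil-emea.example.com" for "emea.example.com".
    local, sep, domain = (upn or "").rpartition("@")
    if not sep or not local or domain.lower() != suffix:
        return False

    # Compare whole DNs, so "CN=O365-EMEA-Guests,..." is not a match.
    groups = {_norm_dn(g) for g in (member_of or [])}
    return _norm_dn(group_dn) in groups
```
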