1. On the Attribute Sources & User Lookup tab, click Add Attribute Source.
  2. On the Data Store tab, enter an attribute source ID and description of your choosing.
  3. In the Active Data Store list, select the datastore connection that you created in Configuring an LDAP connection.
  4. On the LDAP Directory Search tab, in the Base DN field, enter the base DN that contains the users whose attributes you want to retrieve.
  5. In the Root Object Class list, select <Show All Attributes>.
  6. In the Attribute list, select objectGUID. Click Add Attribute.
  7. In the Attribute list, select userPrincipalName. Click Add Attribute. Click Next.
  8. On the LDAP Binary Attribute Encoding Types tab, click Next.
  9. On the LDAP Filter tab, enter a filter to limit the search, and then click Next.

    In this context, ${username} contains the username from the HTML Form Adapter that PingFederate presents during browser-based SSO.

  10. Click Done.