Configuring attribute source and user lookup for token processors

Page created: 5 Mar 2021 |

Page updated: 8 Feb 2022

| 1 min read

Microsoft Azure AD Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

Complete the following to configure attribute source and user lookups for the HTML Form Adapter instance and token processor parts of the setup process.

On the Attribute Sources & User Lookup tab, click Add Attribute Source.
On the Data Store tab, enter an attribute source ID and description of your choosing.
From the Active Data Store list, select the datastore connection that you created in Configuring an LDAP connection.
On the LDAP Directory Search tab, in the Base DN field, enter the base DN that contains the users whose attributes you want to retrieve. For example, CN=Users,DC=contoso,DC=com.
From the Root Object Class list, select <Show All Attributes>.
From the Attribute list, select objectGUID. Click Add Attribute.
From the Attribute list, select userPrincipalName. Click Add Attribute. Click Next.
On the LDAP Binary Attribute Encoding Types tab, click Next.
On the LDAP Filter tab, enter a filter to limit the search, and then click Next.
Example filter for a username token processor:
```
(|(sAMAccountName=${username})(userPrincipalName=${username}))
```
Example filter for a Kerberos token processor:
```
userPrincipalName=${principal}
```
Note:
In this context, the username is always sent as a UPN.
Click Done.