As a claims issuer, VMware Workspace ONE Access sends security tokens containing authentication claims to AD FS. Claim rules define the content of these claims and transform them into a format that AD FS can recognize and consume.

1. If needed, open the Edit Claim Rules window on the AD FS server by performing the following steps.
   1. Run the AD FS Management console as an administrator.
   2. (AD FS 3.0) In the left pane, expand the Trust Relationships folder.
   3. In the left pane, select Claims Provider Trusts.
   4. In the center pane, select the claims provider trust that you created for VMware Workspace ONE Access.
   5. In the right pane, click Edit Claim Rules.
   
   
   
2. In the Edit Claim Rules window, click Add Rule.
   
   
   
   The Add Transform Claim Rule Wizard appears.
3. For Claim rule template, select Send Claims Using a Custom Rule. Then click Next.
   
   
   
   The Configure Rule page appears. You can now create a rule that transforms the incoming Name ID attribute into the WindowsAccountName value formatted as domain\user. The rule also names Active Directory as the issuer of this value.
4. On the Configure Rule page, perform the following steps.
   1. For Claim rule name, enter a descriptive name for the rule.
   2. In the Custom Rule text box, enter the following rule.

   c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", 
   Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] == 
   "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"]
   
   
   => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", 
   Issuer = "AD AUTHORITY", OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
   

   
   
   
5. Click Finish.
6. In the Edit Claim Rules window, verify that the custom rule you created appears in the list.
   
   
   
7. Click Apply, and then click OK.