Configuring the Attribute Matching Method for SAML 1.1

A user matching expression is a set of logic groups with attributes that uniquely identify a user. User matching expressions enable you to map Liberty attributes to the correct LDAP attributes during searches. You must know which LDAP attributes uniquely identify users in the user store.

To use user matching, the Personal Profile must be enabled. It is enabled by default; if you have disabled it, enable it again. See Managing Web Services and Profiles.

  1. Click Devices > Identity Servers > Servers > Edit > SAML 1.1 > [Identity Provider] > User Identification.

  2. To configure the match method, click Attribute Matching settings.

  3. Select and arrange the user stores you want to use.

    Order is important. The user store at the top of the list is searched first. If a match is found, the other user stores are not searched.

  4. Select a matching expression, or click New to create a look-up expression. For information about creating a look-up expression, see Configuring User Matching Expressions.

  5. Click OK.

  6. Update the Identity Server.
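
The following added example (not Access Manager code) models why user store order and attribute uniqueness matter in this procedure: stores are searched top to bottom and the first match ends the search. The store names, entries, the `Email` assertion attribute, the AND/OR combination of logic groups, and the handling of non-unique matches are assumptions made for illustration.

```python
# Added illustration (not Access Manager code). All data below is constructed.
class AmbiguousMatch(Exception):
    """More than one entry in a store satisfied the matching expression."""

def ldap_escape(value):
    """RFC 4515 escaping so an assertion value cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(groups, assertion):
    """groups: logic groups, each a list of (ldap_attr, assertion_attr) pairs.
    Assumption: pairs inside a group are ANDed and the groups are ORed."""
    ors = ["(&%s)" % "".join("(%s=%s)" % (ldap, ldap_escape(assertion[src]))
                             for ldap, src in g) for g in groups if g]
    return "(|%s)" % "".join(ors)

def entry_matches(entry, groups, assertion):
    # A missing assertion attribute never matches; an empty group is ignored.
    return any(g and all(src in assertion and entry.get(ldap) == assertion[src]
                         for ldap, src in g) for g in groups)

def find_user(stores, groups, assertion):
    """Search stores top to bottom; stop at the first store with a match."""
    for name, entries in stores:
        hits = [e["dn"] for e in entries if entry_matches(e, groups, assertion)]
        if len(hits) > 1:  # assumption: a non-unique match is treated as failure
            raise AmbiguousMatch("%s: %d entries matched" % (name, len(hits)))
        if hits:
            return name, hits[0]
    return None

GROUPS = [[("mail", "Email")]]  # hypothetical expression: LDAP mail <- Email
STORES = [
    ("Partners", [{"dn": "cn=alee,ou=partners,o=example", "mail": "a.lee@example.com"}]),
    ("Employees", [{"dn": "cn=alee,ou=staff,o=example", "mail": "a.lee@example.com"},
                   {"dn": "cn=bkim,ou=staff,o=example", "mail": "b.kim@example.com"}]),
]

if __name__ == "__main__":
    claim = {"Email": "a.lee@example.com"}
    print(build_filter(GROUPS, claim))
    print(find_user(STORES, GROUPS, claim))        # Partners entry wins
    print(find_user(STORES[::-1], GROUPS, claim))  # reordered: Employees entry wins
```

The same assertion resolves to a different account when the stores are reordered, which is the case to check for when the chosen attribute is unique within each store but not across stores.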