Recommended NameIdFormat for using User Principal Name (UPN) as NameId in SAML


We have the following name id formats to choose from.

  • unspecified
  • emailAddress
  • X509SubjectName
  • WindowsDomainQualifiedName
  • kerberos
  • entity
  • persistent
  • transient

If I need the UPN value of a user to be returned by my IDP (say Azure or ADFS, etc.), which nameid format should I choose? Should I configure my IDP to send the UPN value with 'unspecified' as the nameid format, or should I choose persistent? Or is there any other recommended nameid format for sending/requesting UPN?

Best answer:

Understand that as the SP, you generally define the contract that is required to utilize your service. There's rarely a reason to not use unspecified, unless your federation tool supports some automated validation of the attribute against the format definition.

Even if your tool does support that validation, that doesn't absolve you of doing your own validation of the data.

As such, I would choose unspecified. It offers the most flexibility.
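The answer's point is that the SP owns the contract: it asks the IdP for `unspecified` and expects a UPN, and then checks the value itself rather than trusting the declared format. The following is an added example of that SP-side check and is not code from the original post. It assumes the IdP has been configured to emit the UPN as the NameID value; the assertion fragment, the UPN pattern and the allowed-domain list are all constructed for illustration. It uses the standard-library XML parser to stay self-contained; a production SP would verify the assertion's XML signature first and parse with a hardened parser such as defusedxml.

```python
# Added example (not from the original post): SP-side validation of a SAML
# NameID carrying a UPN with Format "unspecified". The assertion below is a
# constructed, unsigned fragment used only to exercise the checks; a real SP
# verifies the signature and conditions before looking at any of these values.
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# UPN shape: exactly one '@', non-empty local part, DNS-like domain with a
# alphabetic TLD. This is a constructed, deliberately strict rule; widen it
# only if your tenant's UPNs actually need it.
UPN_RE = re.compile(r"^[A-Za-z0-9._%+\-']+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

# Domains this SP trusts to issue UPNs (constructed example values).
ALLOWED_UPN_DOMAINS = {"example.com", "corp.example.com"}


def extract_nameid(assertion_xml: str):
    """Return (format, value) of <saml:Subject>/<saml:NameID>."""
    root = ET.fromstring(assertion_xml)
    nameid = root.find("./saml:Subject/saml:NameID", SAML_NS)
    if nameid is None or not (nameid.text or "").strip():
        raise ValueError("assertion has no NameID")
    # SAML 2.0 treats a missing Format attribute as 'unspecified'.
    fmt = nameid.get("Format", NAMEID_UNSPECIFIED)
    return fmt, nameid.text.strip()


def validate_upn_nameid(assertion_xml: str) -> str:
    """Enforce the SP's contract: Format must be 'unspecified' and the value
    must be a well-formed UPN in a domain we trust. Returns the UPN."""
    fmt, value = extract_nameid(assertion_xml)
    if fmt != NAMEID_UNSPECIFIED:
        raise ValueError(f"unexpected NameID Format: {fmt}")
    if not UPN_RE.fullmatch(value):
        raise ValueError("NameID is not a well-formed UPN")
    domain = value.rsplit("@", 1)[1].lower()
    if domain not in ALLOWED_UPN_DOMAINS:
        raise ValueError(f"UPN domain not allowed: {domain}")
    return value


def nameid_is_acceptable(assertion_xml: str) -> bool:
    """Boolean wrapper so callers can branch without catching exceptions."""
    try:
        validate_upn_nameid(assertion_xml)
        return True
    except (ValueError, ET.ParseError):
        return False


# Constructed sample assertion fragment (no signature, no conditions shown).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@corp.example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    print(validate_upn_nameid(SAMPLE_ASSERTION))
```

The domain allow-list is what makes the check meaningful: with `unspecified` the IdP makes no promise about the value's shape, so the SP has to decide on its own what a valid UPN looks like and which domains it will accept, which is exactly the "do your own validation" point above.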