When SAML is used for authentication, the response from the IdP contains a number of claims (user properties). In an M3 environment, the SAML Session Provider is configured to use the Person claim as the user name for grid users.
The diagram shows an M3 environment with a Grid, AD FS, AD and IFS. The environment has been configured according to the recommendations for authentication. Specifically, the SAML Session Provider has been configured to use the Person claim as the user name, IFS has been configured with values for the IFS Person ID property for all users, and AD FS has been configured to emit the Person claim at logon.
The flow in the diagram is the same if InforSTS is used as IdP instead of AD FS.
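The claim-to-user-name mapping described above can be sketched as follows. This is an added example, not Infor code: it takes the Person claim from an assertion's attribute statement and rejects a missing or ambiguous claim rather than falling back to another one. The attribute name `urn:example:claims/Person`, the sample assertion and the function name are constructed assumptions, and the assertion is assumed to have been signature-validated already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed placeholder; use the claim name your IdP actually emits.
PERSON_CLAIM = "urn:example:claims/Person"

# Constructed sample assertion (unsigned, trimmed to the attribute statement).
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:claims/Email">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{PERSON_CLAIM}">
      <saml:AttributeValue>JDOE</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class ClaimError(ValueError):
    """The assertion cannot be mapped to exactly one user name."""


def user_name_from_assertion(xml_text, claim_name=PERSON_CLAIM):
    """Return the single value of claim_name, or raise ClaimError.

    Assumes the assertion's signature, issuer, audience and validity window
    were already verified by a SAML library; this only does the claim mapping.
    """
    root = ET.fromstring(xml_text)
    values = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
        if attr.get("Name") == claim_name
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    # Fail closed: never fall back to another claim (e.g. e-mail) as user name.
    if len(values) != 1 or not values[0]:
        raise ClaimError(f"expected one {claim_name} value, got {len(values)}")
    return values[0]


if __name__ == "__main__":
    print(user_name_from_assertion(SAMPLE_ASSERTION))
```
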