...
After adding the UPN claim Edit it and make sure to set (If you want guest invites to access the DAM)
...
Make sure to select ONLY ‘Groups assigned to the application’ :
...
This in order to prevent a ‘HTTP 400 - Bad Request (Request header too long)’ or similar error if a lot of security groups are passed via the request.
Now get the Metadata federation URL its needed in the next part:
...