To customize the configuration for your application, click the Configure link in the SSO Configuration form. In this section you can set up both the optional and the mandatory SAML2 Attributes for the SAML2 Service Provider (the application you are configuring).
The SAML2 Attributes you set up will be included in the SAML2 assertion that is sent to the Service Provider. The Service Provider determines the specific Attribute Name and values that the SurePassID SAML2 Identity Provider needs to return. The Attribute Name is defined by the Service Provider, while the Attribute Value is set by SurePassID after the user has been authenticated. Here is a list of the attribute values that are supported:

| Attribute Value | Attribute Value Returned To Service Provider |
| --- | --- |
| _fedid | User SSO Identity \| User SSO Role |
| _emailaddress | User Email |
| _username | User Login Name |
| _givenname | User First Name |
| _surname | User Last Name |
| _phone | User Phone |
| _role | user \| administrator |
| _adminrole | True \| False |
| _organization | Company Name |
| _displayname | User First Name + User Last Name |
| _groups | The SurePassID groups the user is a member of |
| _group | The first SurePassID group the user is a member of |
| _ssoroles | The SurePassID roles the user is a member of |
| _ssorole | The first SurePassID role the user is a member of |
| _adgroups | The Active Directory groups the user is a member of (on-prem only) |
| any value the Service Provider needs | The required value |

To configure a SAML2 application that requires the user's email, display name, organization, and groups, you will need to set the SAML2 attributes as follows:
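
Added example, not SurePassID's code or configuration: a Service Provider-side check for this case that reads the AttributeStatement from a received assertion, rejects it when a mandatory attribute is missing or empty, and ignores attributes the application never asked for. The Attribute Names (`mail`, `displayName`, `company`, `memberOf`), the mandatory/optional split, the one-`AttributeValue`-per-group layout and the sample assertion are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumption: hypothetical Attribute Names chosen by the Service Provider, mapped
# to the SurePassID Attribute Value tokens from the table. True = mandatory.
EXPECTED = {
    "mail":        ("_emailaddress", True),
    "displayName": ("_displayname", True),
    "company":     ("_organization", False),
    "memberOf":    ("_groups", True),
}

# Constructed sample (not captured from a real Identity Provider). Assumption:
# signature and condition validation already succeeded before this check runs.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>Finance</saml:AttributeValue><saml:AttributeValue>VPN-Users</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="isAdmin"><saml:AttributeValue>True</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {Attribute Name: [values]} collected from every AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_assertion(assertion_xml, expected=EXPECTED):
    """Keep only expected attributes; report missing mandatory and unexpected names."""
    attrs = read_attributes(assertion_xml)
    have = {name for name, values in attrs.items() if any(values)}  # non-empty only
    missing = sorted(n for n, (_, must) in expected.items() if must and n not in have)
    unexpected = sorted(set(attrs) - set(expected))
    accepted = {n: attrs[n] for n in expected if n in have}
    return {"ok": not missing, "accepted": accepted, "missing": missing, "unexpected": unexpected}


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

In the sample, `isAdmin` is reported as unexpected and never reaches `accepted`, so an attribute the application did not configure cannot influence authorization.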