NameID Format

This page describes specifications of the NameID format for the IIJ ID Service.

NameID format

When federation is performed with SAML, the SAML response, including the user identifier (NameID) of the IIJ ID user, is sent to SAML SP because authentication for the IIJ ID Service has been performed successfully.

SAML SP may determine which user has been authenticated based on the value of the user identifier.

[ Reference ]

Regarding the SAML custom application, it is also possible to specify an arbitrary user attribute for the user identifier.Refer to "Adding SAML Applications (User Identifier (NameID) Specification)" for more information.

Specifications of the NameID format
NameID formatDescriptionComments
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

One of the user attributes shown below is selected as the user identifier.Only attributes to which a value has been set can be selected. If there are multiple attributes, the highest-level one will be selected.

1. "Application-linking ID"
2. "External ID"
3. "UUID"

This NameID format is used for Microsoft 365 applications.
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressThe user ID is selected as the user identifier.
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedThe user ID is selected as the user identifier.