Adding SAML Applications (User Identifier (NameID) Specification)
This page describes how to specify a user attribute to be included in the user identifier (NameID) of the SAML response.
Option | Description | |
---|---|---|
Mapped user attribute | Specify a user attribute to be included in the user identifier (NameID) of the SAML response. | |
User attribute filter | Narrows down user attribute values to be sent when a user attribute has multiple values. | |
Use the primary value | Uses the attribute specified as a primary value. If no attributes configured as primary values exist for the user, an SAML response (InvalidNameIDPolicy) that indicates an authentication failure is sent to the SP. | |
Use values that match the type | Uses the type to select an attribute. The attribute that exactly matches the input type is selected. If no attributes that exactly match the input type are set to the user, an SAML response (InvalidNameIDPolicy) that indicates an authentication failure is sent to the SP. |
The user attributes that can be specified are as follows.
User attribute | Comments |
---|---|
ID | |
UUID | |
Notification email address | |
Application-linking ID | |
External ID | |
Display name | |
Last name | |
First name | |
Department | |
Position | |
Phone numbers | |
IMs | |
Entitlements | |
Return a value based on NameID formats | A user attribute based on the "NameID format" is selected automatically. Refer to "NameID Format" for more information. |