Introduction
UserAttributeMappings tell the Service Provider (SP) which attributes in the Identity Provider's (IdP) SAML assertion populate which fields of the SP user record. This document describes the default UserAttributeMappings for Azure and Okta, listing the IdP attributes that are mapped to each SP field.
Default UserAttributeMappings for Azure
For Azure the mapping values are the claim URIs that appear as the Attribute Name in the assertion:
- Username: Mapped to 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', the user's email address.
- FirstName: Mapped to 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', the user's first name.
- LastName: Mapped to 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', the user's last name.
- Email: Mapped to 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', the user's email address (the same claim as Username).
Default UserAttributeMappings for Okta
For Okta the mapping values are Okta profile expressions; the attribute Name that is actually sent in the assertion is whatever is configured in the application's Attribute Statements, with the expression below as its Value:
- Username: Mapped to 'user.email', the user's email address.
- FirstName: Mapped to 'user.firstName', the user's first name.
- LastName: Mapped to 'user.lastName', the user's last name.
- Email: Mapped to 'user.email', the user's email address (the same expression as Username).
Explanation
In a SAML integration, we recommend using the user's email address for both the username and email fields. Email addresses are unique within the IdP, so this gives each user a single identifier in the SP, simplifies user management, and avoids conflicts between duplicate usernames. Two practical caveats: compare email addresses case-insensitively on the SP side so that a change of letter case does not create a second account, and remember that if a user's email address changes at the IdP, the SP will no longer match the existing account unless the account is updated as well.
The UserAttributeMappings specify how specific attributes are mapped from the IdP to the SP during the SAML authentication process:
- Username: The user's email address serves as the username, ensuring consistency and uniqueness.
- FirstName: The user's first name is mapped to this attribute.
- LastName: The user's last name is mapped to this attribute.
- Email: The user's email address is mapped to this attribute.
These attributes are read from the assertion's AttributeStatement and used to create the user account in the SP the first time the user authenticates through the IdP.
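The following added example (it is not code from this page or from either IdP) shows what an SP does with these mappings: it reads the AttributeStatement of a SAML 2.0 assertion, applies the Azure or Okta mapping table, normalizes the email-based username to lower case, and refuses to create an account when the required Username/Email attribute is missing or multi-valued. The assertions are constructed samples; for Okta, the attribute Names "email", "firstName" and "lastName" are assumed to be what the administrator configured in the application's Attribute Statements. Signature verification is out of scope here and must happen before any attribute is trusted.

```python
"""Apply SP-side UserAttributeMappings to a SAML 2.0 AttributeStatement.

Added example. The mapping tables follow the defaults described on this page;
the assertions are constructed samples, not real IdP output. In production the
assertion signature must be verified (and a hardened XML parser used) before
any attribute is read.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Azure defaults: SP field -> Attribute Name (claim URI) in the assertion.
AZURE_MAPPINGS = {
    "Username": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "FirstName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "LastName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "Email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}

# Okta defaults: the page lists the expressions user.email / user.firstName /
# user.lastName. The Attribute Name sent on the wire is whatever the admin
# configured; "email", "firstName" and "lastName" are ASSUMED names here.
OKTA_MAPPINGS = {
    "Username": "email",
    "FirstName": "firstName",
    "LastName": "lastName",
    "Email": "email",
}

REQUIRED_FIELDS = ("Username", "Email")
CASE_INSENSITIVE_FIELDS = ("Username", "Email")


class MappingError(ValueError):
    """Raised when the assertion cannot populate the SP user record."""


def extract_attributes(assertion_xml: str) -> dict:
    """Return {AttributeName: [values]} from every AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS)
                  if v.text and v.text.strip()]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def apply_mappings(assertion_xml: str, mappings: dict) -> dict:
    """Build the SP user record; fail closed on missing or ambiguous identifiers."""
    attrs = extract_attributes(assertion_xml)
    user = {}
    for sp_field, idp_name in mappings.items():
        values = attrs.get(idp_name, [])
        if len(values) > 1:
            raise MappingError(f"{idp_name} is multi-valued; will not pick one for {sp_field}")
        value = values[0] if values else None
        if value and sp_field in CASE_INSENSITIVE_FIELDS:
            value = value.lower()  # avoid a second account differing only in case
        user[sp_field] = value
    missing = [f for f in REQUIRED_FIELDS if not user.get(f)]
    if missing:
        raise MappingError(f"assertion lacks required attribute(s) for {missing}")
    return user


def _assertion(attributes: dict) -> str:
    """Constructed sample assertion (unsigned, for illustration only)."""
    body = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in attributes.items()
    )
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            f'ID="_sample" Version="2.0"><saml:AttributeStatement>{body}'
            "</saml:AttributeStatement></saml:Assertion>")


AZURE_ASSERTION = _assertion({
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "Jane.Doe@example.com",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "Jane",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Doe",
})
OKTA_ASSERTION = _assertion({"email": "john.smith@example.com",
                             "firstName": "John", "lastName": "Smith"})
OKTA_ASSERTION_NO_EMAIL = _assertion({"firstName": "John", "lastName": "Smith"})

if __name__ == "__main__":
    print(apply_mappings(AZURE_ASSERTION, AZURE_MAPPINGS))
    print(apply_mappings(OKTA_ASSERTION, OKTA_MAPPINGS))
    try:
        apply_mappings(OKTA_ASSERTION_NO_EMAIL, OKTA_MAPPINGS)
    except MappingError as exc:
        print("rejected:", exc)
```

The same `apply_mappings` serves both IdPs because the mapping table, not the parser, carries the IdP-specific names; adding a custom attribute is a one-line change to the table, and an assertion that omits the identifier attribute is rejected rather than provisioning an account with an empty username.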
Conclusion
UserAttributeMappings are essential in SAML authentication: they define how user information in the IdP's assertion becomes the user record in the SP. Knowing the default UserAttributeMappings for Azure and Okta lets organizations configure their SAML integrations correctly. These mappings can be customized to meet specific requirements, for example to include additional attributes or to change an existing mapping; any change must be made consistently on both the IdP's attribute statements and the SP's mapping table.