User Attribute Mapping


Learn how to configure the information in an Identity Provider response document based on user attributes.

Video recorded using: Ignition 8.0


(open in window)

[00:00] When a user authenticates against an Identity Provider, the Identity Provider returns what's known as a response document which contains information about that user. With each Identity Provider, you have that ability to map user attributes to certain parts of that response document. To do so, we first need to come into the Identity Provider's page in the Configure section of the Gateway Webpage. Here, we need to find the Identity Provider that we want to manage the user attribute mapping for. Click on the more button on the right hand side and go to User Attribute Mapping. On this page, we're provided with a list of user attributes that we can map to certain parts of the response document. In most cases you're going to use a direct path like you see here in these examples. However for each attribute, you can also choose to do an expression type mapping. This allows you to use the expression language to map the attribute to a part of the response document. This can allow for dynamic attribute mapping depending on what you have in the expression. To find out what the paths are to map attributes within your response document, you would need to look in the documentation for your federated Identity Provider.

You are editing this transcript.

Make any corrections to improve this transcript. We'll review any changes before posting them.