Specify field mappings for SAML authentication flows.
In the SAML authentication flow, which applies to all SAML authentications such as Okta, and OneLogin, it is assumed that the Name ID is the username and the email address of the user. In some cases, the user's email address might not be identical with the username. In such cases, you can override the default behavior by setting values for parameters.
Global Setting (Key) |
Description |
SAML.email |
By setting the parameter in global settings you can specify a different parameter for the email address of the user. If set, it will be used to populate the user's email address, instead of just copying the NameID. If not set, the email address will be copied from the NameID and will be the same as the username. In case your SAML payload does not have an email address, the JIT provisioning for users might not work, but SSO can still be achieved by defining SAML.email = email in global settings. |
SAML.firstname |
The alternative mapping for the first name. |
SAML.lastname |
The alternative mapping for the last name. |
system.login_sso_label |
To change the label of the login button for SAML SSO, add For example, if you want to change the label for the login button from Sign in with SAML to Login, add If you don't add the global setting
For example, if the configured SSO vendor for your system is Google, the label for the login button is |
Comments
0 comments
Please sign in to leave a comment.