...
IdP settings consist of only single field where you can import the metadata XML file provided to you by the SAML IdP administrator. The XML file is structurally validated but testing is required to make sure everything works as expected.
...
User information
After you have configured necessary core settings, you may need to adjust user attribute mappings. Attribute mappings can take multiple values in order of preference, separated by comma.
Field | Description | Default value | Example value from ADFS |
|---|---|---|---|
Allow creating new users | Allow or deny creating new users. If you want to allow every user from ADFS to sign in to TrivoreID you need to check this. If not checked, only existing users can link their accounts with ADFS accounts | False (not checked) | N/A |
Use NameID based linking | Use SAML NameID field for user’s ID. Please note that this option can not be used if ADFS uses transient NameID values as those differ for every login attempt. | True (checked) | |
Link ID | Permanent, non-secretive user identifier from ADFS. Use this option if NameID based linking is not suitable. |
| |
Username import policy | How to handle usernames in TrivoreID. This option exist in order to guarantee username uniqueness within namespace, which is a technical requirement. You can choose to import usernames from ADFS but preferred method is to generate them automatically using default settings. | Automatic namespace username policy (actual value depends on the configured policy in namespace settings) | N/A |
Username | Attribute from ADFS that provides user’s username | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
|
Username prefix | Add username prefix with this literal value |
| N/A |
Username suffix | Add username suffix with this literal value |
| N/A |
Update username if it does match given settings | Update user’s username on every successful login if it does not match given settings. Very rarely needed feature | False (not checked) | N/A |
Friendly name | Friendly name for user’s ADFS account that helps s/he identify it. Only useful if users are given access to manage their account linkings (add, edit, remove links) | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
|
First name | Attribute from ADFS that provides user’s first name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
|
Last name | Attribute from ADFS that provides user’s last name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
|
Full name | Attribute from ADFS that provides user’s full name, including both first and last name and possible middle names. This is only useful if separate attributes for first and last name are not available. |
|
|
Attribute from ADFS that provides user’s email | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| |
Email verified | Attribute from ADFS that provides user’s email verification information. Boolean attribute. May not be available |
|
|
Mobile | Attribute from ADFS that provides user’s mobile number |
|
|
Mobile verified | Attribute from ADFS that provides user’s mobile number verification information. Boolean attribute. May not be available |
|
|
Locale / language | Attribute from ADFS that provides user’s language or localisation information |
|
|
Photo URL | Attribute from ADFS that provides user’s photo URL. |
|