...

After you have configured the necessary core settings, you may need to adjust user attribute mappings. The default mappings are suitable for most cases. An attribute mapping can take multiple values in order of preference, separated by commas.

...

All fields are documented in detail in the table below. You do not need to modify these attribute mappings in most use cases. The default values are usually sufficient.

...

| Field | Description | Default value | Example value from Azure AD |
|---|---|---|---|
| Allow creating new users | Allow or deny creating new users. If you want to allow every user from Azure to sign in to TrivoreID, you need to check this. If not checked, only existing users can link their accounts with Azure AD accounts. | False (not checked) | N/A |
| Link ID | Permanent, non-secret user identifier from Azure AD. Rarely needs to be modified. | sub | “kk-N8_WZKfkIi6g_gkm5dyWW6coqSwZPLMfIzWYVeoI” |
| Username import policy | How to handle usernames in TrivoreID. This option exists in order to guarantee username uniqueness within the namespace, which is a technical requirement. You can choose to import usernames from Azure, but the preferred method is to generate them automatically using the default settings. | Automatic namespace username policy (actual value depends on the configured policy in namespace settings) | N/A |
| Username | Attribute from Azure AD that provides the user’s username. | preferred_username, unique_name, upn | john.doe@client.example.com |
| Username prefix | Add this literal value as a username prefix. | None | N/A |
| Username suffix | Add this literal value as a username suffix. | None | N/A |
| Update username if it does match given settings | Update the user’s username on every successful login if it does not match the given settings. Very rarely needed feature. | False (not checked) | N/A |
| Friendly name | Friendly name for the user’s Azure AD account that helps them identify it. Only useful if users are given access to manage their account links (add, edit, remove links). | preferred_username, unique_name, upn, name | “John Doe” |
| First name | Attribute from Azure AD that provides the user’s first name. | given_name (OIDC standard attribute) | “John” |
| Last name | Attribute from Azure AD that provides the user’s last name. | family_name (OIDC standard attribute) | “Doe” |
| Full name | Attribute from Azure AD that provides the user’s full name, including both first and last name and possible middle names. This is only useful if separate attributes for first and last name are not available. | name | “John Doe” |
| Email | Attribute from Azure AD that provides the user’s email. | email | “john.doe@example.com” |
| Email verified | Attribute from Azure AD that provides the user’s email verification information. Boolean attribute. May not be available. | None | true |
| Mobile | Attribute from Azure AD that provides the user’s mobile number. | None | +358401234567 |
| Mobile verified | Attribute from Azure AD that provides the user’s mobile number verification information. Boolean attribute. May not be available. | None | false |
| Locale / language | Attribute from Azure AD that provides the user’s language or localisation information. | None | “en_US” |
| Photo URL | Attribute from Azure AD that provides the user’s photo URL. User photos will be fetched via GraphAPI (not implemented yet). | picture | |

Azure AD uses the common user attribute mappings documented at Common settings. Photo URL is not yet implemented.
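
The preference-order rule for attribute mappings, applied to the default mapping values listed on this page, as an added example (not TrivoreID's own code): a resolver that takes the first non-empty claim named in a comma-separated mapping. The function names, the skipping of blank values, the refusal to link without a Link ID claim and the strict parsing of the verified flag are assumptions made for illustration.

```python
# Added illustration, not TrivoreID code. Mapping strings are the page's defaults.
DEFAULT_MAPPINGS = {
    "link_id": "sub",
    "username": "preferred_username, unique_name, upn",
    "friendly_name": "preferred_username, unique_name, upn, name",
    "email": "email",
    "email_verified": "",  # default "None": no claim is mapped
}

def resolve(mapping, claims):
    """Return the first non-empty claim named in a comma-separated mapping."""
    for name in (part.strip() for part in mapping.split(",")):
        value = claims.get(name) if name else None
        if isinstance(value, str):
            value = value.strip()
        if value is not None and value != "":
            return value
    return None

def as_verified(value):
    """Assumption: only boolean True or the string "true" counts as verified."""
    return value is True or (isinstance(value, str) and value.lower() == "true")

def map_user(claims, mappings=DEFAULT_MAPPINGS):
    user = {field: resolve(m, claims) for field, m in mappings.items()}
    if user["link_id"] is None:
        # Assumption: without the permanent identifier, do not fall back to a
        # mutable attribute such as email or upn for linking.
        raise ValueError("no Link ID claim in token; refusing to link account")
    user["email_verified"] = as_verified(user.get("email_verified"))
    return user

# Constructed claims modelled on the example values given on this page.
SAMPLE_CLAIMS = {
    "sub": "kk-N8_WZKfkIi6g_gkm5dyWW6coqSwZPLMfIzWYVeoI",
    "preferred_username": "   ",  # blank, so the next preference is used
    "unique_name": "john.doe@client.example.com",
    "name": "John Doe",
    "email": "john.doe@example.com",
    "email_verified": "true",
}

if __name__ == "__main__":
    print(map_user(SAMPLE_CLAIMS))
```

With the default mappings the verified flag stays false even though the sample token carries one, because no claim is mapped to that field until an administrator sets it.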