SAML 2.0 - Single Sign on - Custom App - User Attributes


When setting up a third-party application for SSO, the user attribute "Values" always start with "user." (e.g. user.userprincipalname, user.mail, user.surname, etc.).

Can I edit out the initial "user.", or is this necessary for Azure (e.g. userprincipalname, mail, surname)?

Thanks for any help

2 Replies

Hi Andres,

 

As far as I know, this is the way Azure AD works. It points out that it's going to use the userprincipalname attribute from the user, or the mail attribute from the user. You could, for example, also add group attributes to SAML. Then it would be group.mail, or group.name.

So the "user." is to point out that you're using a user attribute, and the userprincipalname, mail or surname part is to point to the actual attribute.

Best regards,

Ruud Gijsbers

Thank you Ruud! This is exactly what I needed.