Home

SAML 2.0 - Single Sign on - Custom App - User Attributes

%3CLINGO-SUB%20id%3D%22lingo-sub-172443%22%20slang%3D%22en-US%22%3ESAML%202.0%20-%20Single%20Sign%20on%20-%20Custom%20App%20-%20User%20Attributes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-172443%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20setting%20up%20a%20third%20party%20application%20for%20SSO.%20The%20user%20attributes%20%22Value's%22%20always%20start%20with%20%22user.%22%26nbsp%3B%20(e.g.%20user.userprincipalname%2C%20user.mail%2C%20user.surname%2C%20etc.)%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECan%20I%20edit%20out%20the%20initial%20%22user.%22%20or%20is%20this%20necessary%20for%20Azure%20(e.g.%20userprincipalname%2C%20mail%2C%20surname)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20any%20help%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-172443%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-173174%22%20slang%3D%22en-US%22%3ERe%3A%20SAML%202.0%20-%20Single%20Sign%20on%20-%20Custom%20App%20-%20User%20Attributes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-173174%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20Ruud!%20This%20is%20exactly%20what%20I%20needed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-172849%22%20slang%3D%22en-US%22%3ERe%3A%20SAML%202.0%20-%20Single%20Sign%20on%20-%20Custom%20App%20-%20User%20Attributes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-172849%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Andres%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAs%20far%20as%20I%20know%2C%20this%20is%20the%20way%20Azure%20AD%20works.%20It%20points%20out%20that%20it's%20going%20to%20use%20the%20userprincipname%20attribute%20from%20the%20user.%20Or%20the%20mail%20attribute%20from%20the%20user.%20You%20could%20for%20example%20also%20add%20group%20attributes%20to%20SAML.%20Then%20it%20would%20be%20group.mail%2C%20or%20group.name.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%20the%20user.%20is%20to%20point%20out%20that%20you're%20using%20a%20user%20attribute%20and%20the%20userprincipalname%2C%20mail%20or%20surname%20part%20is%20to%20point%20to%20the%20actual%20attribute.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3ERuud%20Gijsbers%3C%2FP%3E%3C%2FLINGO-BODY%3E
Andres Martin Garcia
New Contributor

When setting up a third party application for SSO. The user attributes "Value's" always start with "user."  (e.g. user.userprincipalname, user.mail, user.surname, etc.) 

 

Can I edit out the initial "user." or is this necessary for Azure (e.g. userprincipalname, mail, surname)

 

Thanks for any help

2 Replies

Hi Andres,

 

As far as I know, this is the way Azure AD works. It points out that it's going to use the userprincipname attribute from the user. Or the mail attribute from the user. You could for example also add group attributes to SAML. Then it would be group.mail, or group.name.

 

So the user. is to point out that you're using a user attribute and the userprincipalname, mail or surname part is to point to the actual attribute.

 

Best regards,

Ruud Gijsbers

Thank you Ruud! This is exactly what I needed

Related Conversations
Share with : Custom Group
anonymous-user in Microsoft Stream Forum on
3 Replies
Create survey in Yammer
Deleted in Yammer on
9 Replies
Pricing & customization
anonymous-user in Microsoft Stream Forum on
2 Replies
Stock Ticker webpart for modern site
Jonathan Herschel in SharePoint on
7 Replies