{"id":96546,"date":"2023-08-28T21:03:40","date_gmt":"2023-08-29T01:03:40","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=96546"},"modified":"2024-05-14T19:52:22","modified_gmt":"2024-05-14T23:52:22","slug":"saml-attribute-notes","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/saml-attribute-notes","title":{"rendered":"SAML Attribute Notes"},"content":{"rendered":"\n

The SAML 2.0 Connector and pre-built connectors support the ability to add additional attributes to a SAML\/SSO configuration. <\/p>\n\n\n\n

Finding and configuring SAML Attributes<\/strong><\/h2>\n\n\n\n
    \n
  1. Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
  2. Navigate to USER AUTHETICATION > SSO Applications<\/strong>.<\/li>\n\n\n\n
  3. To configure attributes for a new application:\n
      \n
    1. Type the name of the application in the Search <\/strong>field, select it and then click Next<\/strong>.<\/li>\n\n\n\n
    2. In the Display Label<\/strong>, type your name for the application. Optionally, you can enter a Description<\/strong>, adjust the User Portal Image and choose to hide or Show in User Portal<\/strong>.<\/li>\n\n\n\n
    3. Click Save Application<\/strong> and then click Configure Application<\/strong>.<\/li>\n\n\n\n
    4. Select the SSO <\/strong>tab and scroll down to the Attributes <\/strong>section.<\/li>\n\n\n\n
    5. Configure USER ATTRIBUTE MAPPING<\/a><\/strong>, CONSTANT ATTRIBUTES<\/a><\/strong> and under GROUP ATTRIBUTES<\/a><\/strong>, select to include group attribute<\/strong>. <\/li>\n\n\n\n
    6. Click save<\/strong>.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n

      Attributes<\/strong><\/h2>\n\n\n\n

      A SAML attribute is a piece of information about a user that is included in a SAML assertion. It is a name-value<\/em> pair that is used by the SP to make decisions about the user’s access to the protected resource. SAML attributes can also be used to support advanced authentication and authorization scenarios, such as role-based access control or single sign-on (SSO).<\/p>\n\n\n\n

      User Attributes<\/strong><\/h3>\n\n\n\n

      Before configuring user attributes<\/a> for SAML connectors, make sure you\u2019ve populated the standard and custom user attributes that you plan to use with SAML SSO. User attribute values are unique to each user and are located in the Details <\/strong>tab of the user’s record. Some standard user attributes are required when you create a new user, like Username <\/strong>and Company Email<\/strong>.<\/p>\n\n\n\n

      Service Provider Required User Attributes<\/strong><\/h3>\n\n\n\n

      When you configure user attributes for a pre-built connector, you see some user attributes that are pre-populated. These user attributes are required by the Service Provider (SP) for SAML SSO authentication. You can edit the Service Provider Attribute Name; you can\u2019t edit the JumpCloud Attribute Name. However, you can choose a different JumpCloud attribute or create a custom attribute to map to the Service Provider Attribute Name.<\/p>\n\n\n\n

      JIT Required User Attributes<\/strong><\/h3>\n\n\n\n

      Some pre-built connectors support Just-in-Time (JIT) provisioning and require additional attributes. JIT required attributes are pre-populated and are enabled for JIT provisioning<\/a> by default. <\/p>\n\n\n\n

      Keep the following in mind when working with JIT attributes:<\/p>\n\n\n\n