To use SAML attribute mappings, an additional update to your AppsAnywhere servers is required.

Overview

Much like LDAP directory mappings can be imported from the Directory Browser page, SAML attribute mappings can be created on the Directory Mappings page. This allows roles to be mapped to arbitrary SAML attribute names and values, and the resulting records can be used everywhere that LDAP records can, such as in Provisioning and Delivery Method Restrictions.

Creating Mappings

  1. To create an attribute mapping, navigate to the Directory Mappings page.

  2. Click the Add SAML attribute button in the top right.

  3. Fill out the form using the attribute name and value you wish to map to users.

    1. The Connection Key field lets you choose from your list of SAML SSO methods (see SAML 2.0 Common for more information on setting these up) to determine when this attribute will be used.

    2. More information on these fields can be found in the table below.

  4. Click Save.

Directory Mapping Settings

| Field Name | Description | Intended Value |
|---|---|---|
| Name | A display name for this mapping. In some scenarios this may be the only visible information you have to distinguish between mappings, so we suggest a name that you will recognise and that conveys the purpose of the mapping. | An understandable value for the attribute values used, e.g. Name - john.smith |
| Connection Key | A list of your existing SAML SSO methods. The selection determines which logins the attribute will be matched against. | The SAML method for which users' attributes will be matched. |
| Attribute Name | The name of the attribute that will be matched against the user's login details. | The SAML-compliant attribute used to retrieve the information, e.g. http://schemas.microsoft.com/identity/claims/displayname |
| Attribute Value | The value of the attribute to be matched against the user's login details. | The value to be matched, e.g. John Smith |
| Role | This determines the level of access that a user linked to that attribute will have to AppsAnywhere. If you are creating this attribute purely as a means of providing access to applications, simply select the User role. If you are creating the attribute to provide access to admin functions, you should consider the level of access you want to provide (see User Roles and Permissions). | The desired role of the user, e.g. User |
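
To check planned mappings against what your identity provider actually sends, the sketch below (an added example, not AppsAnywhere code) reads the attributes from a decoded assertion and lists which mappings would match for a given Connection Key. It assumes exact, case-sensitive matching, which this page does not specify; the connection keys, the groups attribute and the Admin role name are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement of a decoded assertion (not real data).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>John Smith</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>staff</saml:AttributeValue>
      <saml:AttributeValue>apps-admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Planned mappings, one per form entry; keys, "groups" and "Admin" are hypothetical.
MAPPINGS = [
    {"name": "Name - john.smith", "connection_key": "azure-sso",
     "attribute_name": "http://schemas.microsoft.com/identity/claims/displayname",
     "attribute_value": "John Smith", "role": "User"},
    {"name": "Group - apps-admins", "connection_key": "azure-sso",
     "attribute_name": "groups", "attribute_value": "apps-admins", "role": "Admin"},
    {"name": "Group - staff (other IdP)", "connection_key": "other-idp",
     "attribute_name": "groups", "attribute_value": "staff", "role": "User"},
]

def assertion_attributes(xml_text):
    """Return {attribute name: set of values}; attributes may be multi-valued."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = {(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)}
        attrs.setdefault(attr.get("Name"), set()).update(values)
    return attrs

def matching_mappings(xml_text, connection_key, mappings=MAPPINGS):
    """Mappings bound to this connection whose name/value pair is in the assertion."""
    attrs = assertion_attributes(xml_text)
    return [m for m in mappings
            if m["connection_key"] == connection_key
            and m["attribute_value"] in attrs.get(m["attribute_name"], set())]

if __name__ == "__main__":
    for m in matching_mappings(SAMPLE_ASSERTION, "azure-sso"):
        print(f'{m["name"]}: role {m["role"]}')
```

Running it against an assertion captured from a test login shows which attribute name and value pairs would grant an admin-level role before the mapping is saved.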