Skip to main content
Skip table of contents

Creating SAML Attribute Mappings

It is recommended to read SAML 2.0 Common and SAML Attribute Mapping to configure the identity provider before proceeding.

Overview

Much like LDAP Importing directory entities, SAML attribute mappings can be created on the Directory Mappings page. This allows for mapping roles to arbitrary SAML attribute names and values, as well as being able to use these records in all other places that LDAP records can be found - such as in Provisioning and Delivery Method Restrictions.

Creating Mappings

  1. To create an attribute mapping, navigate to the Directory Mappings page as shown below.

  2. Click on the Add SAML attribute button in the top right

  3. Fill out the form using the attribute name and value you wish to map to users

    1. The Connection Key field will allow you to choose from your list of SAML SSO methods (see SAML 2.0 Common for more information on setting these up) to determine when this attribute will be used

    2. More information on these fields can be found in the table below

4. Click Save.

Directory Mapping Settings

Field Name

Description

Intended Value

Name

A display name used for this mapping, in some scenarios this may be the only visible information you will have to differ between mapings. We suggest using a name you will recognise and understand the purpose of the mapping.

An understandable value for the attribute values used, e.g. Engineering Students

Connection Key

This will be a list of your existing SAML SSO methods, this will determine which logins will have the attributes attempt to be matched for.

The SAML method users will attempt to match attributes for.

Attribute Name

The name of the attribute that will be matched against the user’s login details.

The SAML-compliant attribute used to retrieve the information, e.g. http://schemas.microsoft.com/identity/claims/groups

Attribute Values

The values of the attribute to match against the user’s login details, with a limit of 2000 values per attribute. Only one of the values is required to match. Each value should be on a different line.

The values to be matched, e.g. 2 groups related to engineering

e322e5bb-334c-4d85-9327-37beedfb1eab
2a25eee1-10d7-4d1e-90c8-6ab57919a1a0

Role

This determines the level of access that a user linked to that attribute will have to AppsAnywhere.

  • If you are creating this attribute purely as a means of providing access to applications, simply select the User role.

  • If you are creating the attribute to provide access to admin functions, you should consider the level of access you want to provide (see User Roles and Permissions).

The desired role of the user, e.g. User

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.