Attribute mappings

This feature allows you to define how user attributes returned by the external IdP are mapped to person attributes managed by Onegini IDP. The attribute mappings functionality is supported by multiple identity provider types like LDAP, SAML and OAuth2 based socials (ex. Facebook or LinkedIn). This guide will walk you though defining attribute mappings for your Identity Provider instance.

The attribute mappings is used in two scenarios:

  • Automatic sign-up - when user unknown to Onegini IDP logs in for the first time and *Just-in-time external IdP sign-up enabled feature is enabled. In this flow the attribute mappings functionality is used to create the person and feed it with data provided by the external IdP.
  • Login with external IdP - when user known to Onegini IDP logs in with an external IdP. Since user data may change in the external IdP, for example his mobile number may be updated, the Onegini IDP synchronizes it's state with the one provided by the external IdP. During flow the attribute mappings is used for keeping user's data up-to-date on the Onegini IDP end.

*The user is known to the Onegini IDP when his account is created and linked with the external IdP.

What is required?

To successfully complete this topic guide you need to ensure following prerequisites:

  • Onegini IDP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address
  • External IdP (Identity Provider of either SAML, LDAP, Facebook or LinkedIn type) must be running externally from Onegini IDP

Configuration

The attribute mappings can be defined on the Identity Provider configuration level, but please note that not all IdP types support attribute mappings. To configure visit the admin console page and navigate to your Identity Provider details page (Config > Identity Providers).

Attribute mappings form

The configuration form allows you to define mappings for all supported basic user attributes as well as custom attributes. Provide the attribute name returned by specific IdP in correct input in order to define a mapping.