SAML Attribute Mapping

With Elastic SSO, you can map any user field to any arbitrary SAML attribute. It can be either single-valued or multi-valued.

For example, you can map the user’s username as an eduPersonPrincipalName. You would configure this mapping in the ServiceProvider/Federation wizard under Manage SSO. The last page of the wizard allows you to map the user fields to SAML attributes. There you would map the username to “urn:oid:1.3.6.1.4.1.5923.1.1.1.6″. You will also need to scope the value. You can select the scope in the Attribute Mapping page. However, you will first need to configure the scope under Manage SSO, Identity Provider.

Custom User Fields allow even more flexibility. You can assign arbitrary values to user accounts, and them map them to SAML attributes as shown above. Custom User Fields can be configured to be single-valued or multi-valued as well as various other options. This feature is only found in the Pro version.