Configuring User Attributes from the Identity Directory

Specify how the local user attributes, configured to be collected by the registration and upgrade forms, are sent to the application.

Context

Identity Authentication defines default names for the user attributes, but you can change them in accordance with your requirements.

You configure the attributes by defining which attribute name, as sent to the application, corresponds to each user attribute that you set for the registration and upgrade forms. You can also specify multiple attribute names for each user attribute. This mapping lets the application use the same user attribute in different scenarios that require several attribute names.

Note:

The user attribute name must match the name that the application is expecting.

The attributes are also put in the id_token if the application uses OpenID Connect. For more information, see Configuring OpenID Connect.

By default, Identity Authentication sets the following user attribute names:

| User Attribute | User Attribute Name |
| --- | --- |
| Salutation | title |
| First Name | first_name |
| Middle Name | middle_name |
| Last Name | last_name |
| Email | mail |
| Telephone Number | telephone |
| Language | locale/language. Note: locale is added at the creation of the application. It takes as value the language of the user. You can view the configured user language in the administration console for SAP Cloud Identity Services. For more information, see Configuring User Attributes from the Identity Directory. |
| Login Name | login_name |
| Display Name | display_name |
| User ID | uid |
| Global User ID | user_uuid |
| User Type. Note: For example, consumer, partner, or employee. | type |
| Street Address | street |
| Street Address 2 | street2 |
| City | city |
| ZIP/Postal Code | zip |
| Country | country |
| State/Province | state |
| Cost Center | cost_center |
| Department | department |
| Division | division |
| Employee Number | employee_number |
| Company | company |
| Company Street Address | company_street |
| Company Street Address 2 | company_street_2 |
| Company City | company_city |
| Company ZIP/Postal Code | company_zip |
| Company Country | company_country |
| Company State/Province | company_region |
| Company Industry | industry |
| Company Relationship | relationship |
| Job Function | job_function |
| Groups | groups. Note: Use Groups as the user attribute name for applications on the SAP BTP, Cloud Foundry Environment. |
| Corporate Groups. Note: This attribute is applicable for the corporate user store scenarios and contains the groups the user in the corporate user store is assigned to. | corporate_groups |
| Contact by Email | contact_preference_mail |
| Contact by Telephone | contact_preference_telephone |
| Application Custom Attribute 1 | app_custom_attribute_1 |
| Application Custom Attribute 2 | app_custom_attribute_2 |
| Application Custom Attribute 3 | app_custom_attribute_3 |
| Application Custom Attribute 4 | app_custom_attribute_4 |
| Application Custom Attribute 5 | app_custom_attribute_5 |

Remember:

The application custom attributes are configured by the application (service provider). They can't be defined for the user.

Custom attributes must not be used to store sensitive personal data.

Note:

The Value column lists the attributes that can be shown on the registration and upgrade forms. The Name lists the attributes that are sent in the assertion.

The configured custom attributes are also put in the id_token if the application uses OpenID Connect. For more information, see Configuring OpenID Connect.

The configured custom attributes can be seen at the user profile page after choosing View My Data.

The configuration of the user attributes for the system applications is disabled. The default values for these applications are First Name, Company, Last Name, and Email.

Remember:

When the application uses a corporate IdP for authentication, and Identity Federation is disabled, the user attributes configurations in the administration console for SAP Cloud Identity Services aren't relevant. In such scenarios Identity Authentication sends to the application the user attributes that come from the corporate identity provider without changing them. For more information about the corporate identity provider scenario, see Corporate Identity Providers and Configure Identity Federation.

  1. Sign in to the administration console for SAP Cloud Identity Services.

  2. Under Applications and Resources, choose the Applications tile.

  3. Choose the application that you want to edit.

    Note:

    Type the name of the application in the search field to filter the list items, or choose the application from the list on the left.

    If your list doesn't contain an application yet, you can create one. For more information, see Create a New Application.

  4. Choose the Trust tab.

  5. Under SINGLE SIGN-ON, choose Attributes.

  6. Under the Self-defined Attributes section, choose Expand All to view all the information about the user attributes.

  7. Optional: Choose the Add button:

    1. Provide a name for the attribute.

    2. Choose Identity Directory source.

    3. Choose a value from the drop-down list.

  8. Optional: Choose the plus button next to the attribute to set a new value for the attribute.

  9. Save your configuration.
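
After saving, a quick way to confirm that the names sent in the assertion match what the application expects is to compare the two on the application side. The following is an added example, not SAP code: the sample AttributeStatement is constructed, the function names are hypothetical, and it assumes the application matches attribute names exactly (case-sensitively). Signature validation of the assertion is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an AttributeStatement using default names from the
# table above (values are made up for illustration).
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="mail">
    <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="first_name">
    <saml:AttributeValue>Jane</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="groups">
    <saml:AttributeValue>Admins</saml:AttributeValue>
    <saml:AttributeValue>Auditors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def parse_attributes(statement_xml):
    """Return {attribute name: [values]} from a SAML 2.0 AttributeStatement."""
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.iterfind("saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_expected(received, expected_names):
    """Report which expected names arrived, differ only in case, or are missing."""
    by_lower = {name.lower(): name for name in received}
    report = {"ok": [], "case_mismatch": {}, "missing": []}
    for name in expected_names:
        if name in received:
            report["ok"].append(name)
        elif name.lower() in by_lower:
            # e.g. the application expects "Groups" but "groups" was sent
            report["case_mismatch"][name] = by_lower[name.lower()]
        else:
            report["missing"].append(name)
    return report
```

A case mismatch on the groups attribute matters most, because an application that derives authorizations from it would see no groups at all.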

Related Information

Configure Registration and Upgrade Forms

Create a New Application