Field | Description |
First name | Attribute name to be used for reading the first name from a SAML assertion. |
Last name | Attribute name to be used for reading the last name from a SAML assertion. |
Email address | Attribute name to be used for reading the email addresses from a SAML assertion. |
Telephone number | Attribute name to be used for reading the phone numbers from a SAML assertion. |
Member Of | Groups to which the user must belong. Ensure that the groups created in Developer Portal also exist in the corresponding identity provider. To add users to groups, do one of the following: (1) Create the necessary groups in Developer Portal with appropriate privileges and create the same groups (group names are case-sensitive) in the corresponding identity provider (Okta, Azure AD and so on); or, if the required groups already exist in the identity provider, create the same groups in Developer Portal. (2) Create the Developer Portal default groups in the identity provider and assign users to them: API Administrator, API Provider, API Consumer. |
User-defined | List of attributes, separated by commas, to be imported as user-defined attributes of the user. |

Field | Description |
Login using DN | Specifies whether sign in must be tried using the fully qualified name instead of the user name. The name in the assertion is assigned as the distinguished name of the user being created. |
Decompose DN | Specifies whether the fully qualified name is to be decomposed. The name in the assertion is assigned as the distinguished name of the user being created only if the name is in an appropriate format. |
Keyword | Specifies which part of the fully qualified name is to be used for login. |
Authentication context comparison | Specifies the level of comparison that must be performed on the assertion context class against the authentication context. If the comparison fails, the user is not authenticated. |
Name ID format | Specifies the format in which the user ID must be saved. |
Clock skew (in seconds) | Specifies the permitted time offset between the identity provider and the service provider, in seconds. Assertions are accepted if they are received within the permitted time frame. |
Assertion lifetime (in seconds) | Specifies the maximum lifetime of a SAML assertion, in seconds. |
Assertion consumer service URL | Specifies the URL to which the identity provider must send the authentication response. The URL must be given in the format: http(s)://hostname/portal/rest/saml/initsso |
Default tenant | Specifies the default tenant that is to be used for the SAML-based login. |
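
How the Clock skew and Assertion lifetime settings interact when a service provider checks an assertion's time conditions, as an added Python example that is not Developer Portal's own code. The function names, the constructed sample assertion, and the rule that lifetime is measured from `IssueInstant` are assumptions; signature verification is out of scope here.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_window(xml_text, now, clock_skew_s, max_lifetime_s):
    """Return (accepted, reason) for the assertion's time conditions.

    A real service provider verifies the signature first and parses
    untrusted XML with a hardened parser; both are omitted here.
    """
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        return False, "missing Conditions/NotOnOrAfter"  # fail closed
    skew = timedelta(seconds=clock_skew_s)
    issued = _ts(root.attrib["IssueInstant"])
    not_before = _ts(cond.attrib.get("NotBefore", root.attrib["IssueInstant"]))
    not_after = _ts(cond.attrib["NotOnOrAfter"])
    # Skew widens the window on both sides, so keep it small.
    if now + skew < not_before:
        return False, "not yet valid"
    if now - skew >= not_after:
        return False, "expired"
    # Assumption: lifetime counts from IssueInstant and caps the IdP's window.
    if now - skew >= issued + timedelta(seconds=max_lifetime_s):
        return False, "older than assertion lifetime"
    return True, "ok"
```

A large clock skew lengthens the period in which a captured assertion can be replayed, so set it only as wide as the real drift between the two systems requires.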