How the LDAP Attributes Work for SAML Web Portals
search cancel

How the LDAP Attributes Work for SAML Web Portals


Article ID: 243158


Updated On:


CA Privileged Access Manager (PAM)


A TCP/UDP service was configured for SAML SSO authentication to a web portal and the access policy is trying to be configured for users. How does the LDAP attribute work in the SAML part of the policy?


Privileged Access Management, all versions


When the LDAP user logs into the GUI, PAM will check if the user has any SAML web portal policies and determine which attributes are needed for the assertion. It will then resolve those attributes in an LDAP query and store it in the user's session information. When the user launches the web portal, PAM will get the information from the user's session information and create the assertion.

When configuring the policy, select LDAP Attribute from the Attribute column. In the Value column, put the attribute exactly as it is in LDAP. For example, use sAMAccountName, userPrincipalName, etc.