AuthHub SAML - Minimum required claims and supported claim rules for usergroups.

Article ID: 376032

Updated On:

Products

CloudHealth

Issue/Introduction

Under AuthHub, we require that every IdP pass the following claim rules at a minimum, with no namespace specified:

  • email 
  • name
  • roles - If the customer tenant is using Classic Organizations, this can be validated by navigating to the top-level organization and confirming whether the "roles" option appears under Setup -> Admin.


Additionally, under AuthHub only certain attributes can currently be used to map users to Usergroups, whereas under the previous SSO provider any attribute could be used.

Please ensure that you pass one of the following attributes listed below when using SSO to map Users to Usergroups.

Resolution

Supported Attributes for Usergroup mapping - if you attempt to use a claim outside of those listed below, the mapping to the usergroup will not take place. Please note that the name of a claim is independent of its source value. For example, I can have a claim named department and map the value of the user's organization field to that claim. When signing in, the user would pass department with the value the user has under organization within the IdP.

Attribute Name
Borsa
chgroup
cloudhealth_usergroup
cloudHealthGroups
cmp_cloudHealth_userGroup
custom
department
fin
FO_Group
gid
Group
group_ids
group_name
group_names
memberOf
MSKRole
Portfolio
Role
sAMAccountName
saml_group_name
T3
TEAM
tenant
test_key
Title
user_group
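
A pre-flight check for the requirements above, as an added example (not CloudHealth or AuthHub code): it reads the attribute names from a SAML 2.0 assertion captured from your own IdP test login and reports missing required claims, required claims sent with a namespace prefix, and the absence of any supported usergroup attribute. The function name, the sample assertion, exact-case name matching and reading "no namespace" as a bare `Name` value are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Minimum claims listed in this article (all three treated as required here).
REQUIRED = {"email", "name", "roles"}
# Attribute names the article lists as usable for usergroup mapping.
SUPPORTED_GROUP_ATTRS = {
    "Borsa", "chgroup", "cloudhealth_usergroup", "cloudHealthGroups",
    "cmp_cloudHealth_userGroup", "custom", "department", "fin", "FO_Group",
    "gid", "Group", "group_ids", "group_name", "group_names", "memberOf",
    "MSKRole", "Portfolio", "Role", "sAMAccountName", "saml_group_name",
    "T3", "TEAM", "tenant", "test_key", "Title", "user_group",
}

def check_assertion(xml_text):
    """Return a list of findings; an empty list means the claims look usable."""
    root = ET.fromstring(xml_text)
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", SAML_NS)]
    findings = []
    for req in sorted(REQUIRED):
        if req in names:
            continue
        # A claim sent as a URI such as ".../claims/email" carries a namespace.
        namespaced = [n for n in names if n.rstrip("/").rsplit("/", 1)[-1] == req]
        if namespaced:
            findings.append(f"{req}: sent with a namespace as {namespaced[0]!r}")
        else:
            findings.append(f"{req}: missing")
    # Assumption: names must match the supported list exactly, including case.
    if not SUPPORTED_GROUP_ATTRS.intersection(names):
        findings.append("usergroup: no supported mapping attribute present")
    return findings

# Constructed sample assertion (signature and subject omitted for brevity).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.example.test/claims/email">
      <saml:AttributeValue>user@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="name">
      <saml:AttributeValue>Sample User</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="cost_center">
      <saml:AttributeValue>finops</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for finding in check_assertion(SAMPLE):
        print(finding)
```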