SAML App Connections Advanced

Follow

Engineer's Note:  Please only refer to this article after having completed the steps in the previous SAML App Connections article.

After you have set up your app's SAML connection, there may be different LDAP ValuesClearlogin User Profile Values (CLUP), or Clearlogin Directory Values (CLD) that you would like to define for the purpose of importing user information directly into an app:

Some common LDAP Values include:

{{LDAP.cn}}
The user's full name
{{LDAP.gn}}
The user's first name
{{LDAP.sn}}
The user's last name
{{LDAP.dn}}
The user's distinguished name
{{LDAP.distinguishedName}}
The user's distinguished name
{{LDAP.ou}}
The user's organizational unit
{{LDAP.mail}}
The user's email address
{{LDAP.uid}}
The user's login name
{{LDAP.userPrincipalName}}
The user's login name
{{LDAP.sAMAccountName}}
The user's login name

Some common CLD Values include:

{{cld.name}}
The user's name
{{cld.avatar_url}}
The user's avatar URL
{{cld.groups}}
The user's groups
{{cld.username}}
The user's username
{{cld.email}}
The user's email address

Some common CLUP Values include:

{{cl.name}}
The user's name
{{cl.first_name}}
The user's first name
{{cl.last_name}}
The user's last name
{{cl.email}}
The user's email address
{{cl.access_rules}}
The user's Access Rules
{{cl.openid_uid}}
The user's OpenID user id
{{cl.role}}
The user's Clearlogin role
{{cl.authy_id}}
The user's Auth ID
{{cl.avatar_url}}
URL to the user's Clearlogin avatar
{{cl.transient}}
A random unique identifier.
{{cl.persistent}}
A calculated per-user unique identifier.
{{cl.tenant_domain}}
Your configured domain name.

App Key Value Macros:  We also have a CLD Value modifier called "strip_domain".  This can be used to remove the "@" and domain from the end of an e-mail address.  So for example, "Steve@clearlogin.com" would just be "Steve."  You would enter this modifier as {{cld.email|strip_domain}}.

Of course your LDAP Values are defined by what you make them in your LDAP Identity Provider that's connected to your Identity Source.

The same is true for your CLD Values, they are defined by what you make the CLD Attribute Name.

You can edit your LDAP, CLUP, and CLD Value entries by clicking on the blue button that say Edit on the bottom of your app's configuration page.



On the bottom of the app's Edit Page is the Key Value Pairs section, where you can modify your LDAP Values.



Naturally clicking on the purple button that says Add Field will create a new Key field and a new Value field.  Clicking on the red X button will remove a Key Value Pair.

When you're done adding your Key Value Pairs, click on the green button that says Save SAML App.

Have more questions? Submit a request

Comments

Powered by Zendesk