Configure user attribute mapping with Okta SAML Provider

Merline George

Introduction

This document provides information on attribute mapping with Okta as the SAML Identity provider (IdP). Attribute mapping ensures that user information, such as usernames, email addresses, roles, and group memberships, is correctly passed and used effectively by the service provider, FME Flow.

Before You Begin

This is only an example. Please note that the instructions could differ for your specific SAML setup and will require the expertise of your organization’s IT team.

The SAML 2.0 app is already configured according to the document Configuring FME Flow for Okta SAML Authentication, and users already exist in their respective groups. The groups have also been assigned to the SAML app.

The associated group name for each user is also added as a user attribute (in our example, “Department”). This is done to add the group name to the users' profiles. Please note that you can use any other attribute on the user profile (Department, Division, etc.) as preferred. In the example below, the group name “FMEFlowAdmin” has been added as the “Department” attribute for the user “User1 forFMEFlowadmin”.

Map User Field Attributes on Okta 

  1. Add Attributes to the SAML application
    In the left pane, go to “Directory” > “Profile Editor”. Find the application that you created, click its name in the Profile column, and select “Add Attribute”.

Complete the form with the appropriate values for the attribute. Once complete, click “Save to continue” or “Save and Add Another” to create another attribute.

Below is an example of creating an attribute for the users’ first name. The “Display Name” field is a human-readable name that describes the attribute, and the “Variable Name” field is the technical identifier for the attribute, which must be unique and will be used for mapping. 

Now we can see the complete attribute mapping for the five attributes that will be pulled into FME Flow during user creation.

  2. Create Attribute Statements
    In the left panel, go to “Applications” > “Applications” and select the FME Flow application. On the application page, go to the “General” tab and click Edit under “SAML Settings”.

Click Next in “General Settings” to go to the “Configure SAML” page.
Under “Attribute Statements (optional)”, enter the “Display Name” of the attribute created in Step 1 under the “Name” field and enter “user.<variable name>” under the “Value” field. Repeat this for each of the attributes.

Click “Next” and then click “Finish”.

  3. Configure User Profile Mappings in Okta
    In the left pane, go to “Directory” > “Profile Editor” and click on Mappings for the FME Flow Application.

Click on "Okta User to <Name of FME Flow Application>". Map each Okta User Profile attribute to the corresponding FME Flow application attribute.

Set mapping rules for each attribute or leave on default (Apply mapping on user create only) and click Save Mapping. Select to apply mapping when prompted. For our example, we chose the default “Apply mapping on user create only”.

Setup attribute mapping in FME Flow

  1. Set up values for attribute mapping
    In the FME Flow web UI, set up the values for the attribute mapping. Use the same values as the “Display Name” fields in the “Profile Editor”, as set in step 1 of the previous section, "Add Attributes to the SAML application".

  2. Check FME roles and SAML user group names
    Please ensure that FME roles with the same name as the SAML-side user group names exist on FME Flow.

  3. Check access and role levels
    Log in as the three new SAML users and confirm the correct access/role levels.
  4. Check the roles and type fields have been populated
    Browse to User Management > Users in FME Flow as an admin, and you should see the proper fields populated for the users.
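As an added example (not part of this article, and not code from FME Flow or Okta), the following Python script shows what the Attribute Statements configured in the Okta section look like once they arrive inside the SAML assertion, and performs the two checks that the FME Flow section describes: that every expected attribute was actually sent, and that the group name carried in the “Department” attribute matches an existing FME Flow role. The attribute names other than “First Name” and “Department”, the sample assertion fragment, and the role names are constructed assumptions; the article itself only states that five attributes are mapped.

```python
# Added example, not part of the article or of FME Flow / Okta code: parse the
# AttributeStatement of a SAML assertion and check it against the attributes
# the service provider expects, the way an SP-side sanity check would.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed "Display Names" configured in the Okta Profile Editor and entered as
# Attribute Statements. The article only names "First Name" and "Department".
EXPECTED_ATTRIBUTES = ("Username", "Email", "First Name", "Last Name", "Department")

# The attribute carrying the group name that FME Flow matches to a role.
GROUP_ATTRIBUTE = "Department"

# Constructed sample assertion fragment containing only the attribute part.
# It carries no signature: a real SP must verify the XML signature and the
# Conditions (audience, validity window) before trusting any value in it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0">
  <saml:Issuer>http://www.okta.com/exampleIssuer</saml:Issuer>
  <saml:Subject><saml:NameID>user1@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Username"><saml:AttributeValue>user1</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>user1@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="First Name"><saml:AttributeValue>User1</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Last Name"><saml:AttributeValue>forFMEFlowadmin</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Department"><saml:AttributeValue>FMEFlowAdmin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml: str) -> dict:
    """Return {attribute Name: [values]} from the assertion's AttributeStatement.

    The Name attribute is what Okta sends for the "Name" field entered under
    Attribute Statements, i.e. the attribute's Display Name from the Profile Editor.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attribute in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attribute.get("Name", "")
        values = [v.text or "" for v in attribute.findall("saml:AttributeValue", NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def check_mapping(attrs: dict, expected=EXPECTED_ATTRIBUTES, existing_roles=frozenset()) -> dict:
    """Report what the SP side would be missing.

    missing_attributes: expected attribute statements that were not sent or are empty
    unmatched_roles:    group names in the group attribute with no FME Flow role of
                        the same name (the check in step 2 of the FME Flow section)
    """
    missing = [name for name in expected if not any(attrs.get(name, []))]
    groups = attrs.get(GROUP_ATTRIBUTE, [])
    unmatched = [g for g in groups if g not in existing_roles]
    return {"missing_attributes": missing, "unmatched_roles": unmatched}


if __name__ == "__main__":
    # Assumed set of roles that exist on the FME Flow side.
    fme_roles = frozenset({"fmeadmin", "fmeuser", "FMEFlowAdmin"})
    received = extract_attributes(SAMPLE_ASSERTION)
    for name, values in received.items():
        print(f"{name}: {values}")
    print(check_mapping(received, existing_roles=fme_roles))
```

Run the script as-is to see the parsed attributes and an empty report; removing "FMEFlowAdmin" from `fme_roles` reproduces the situation step 2 of the FME Flow section warns about, where the user would be created without the intended role.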
