Introduction
This document describes attribute mapping with Azure AD as the SAML identity provider (IdP). Attribute mapping ensures that user information, such as usernames, email addresses, roles, and group memberships, is passed correctly to the service provider, FME Flow, and used there as intended.
Before You Begin
This is only an example. Please note that the instructions could differ for your specific SAML setup and will require the expertise of your organization’s IT team.
The SAML 2.0 app is already configured according to the document Configuring FME Flow for Azure AD SAML Authentication, and users are already in their respective groups, which have also been assigned to the SAML app.
Each user also has their associated group name set in the “Department” user attribute. This adds the group name to the user profile. You can use any other attribute on the user profile instead, as preferred.
In the example below, the group name “FMEFlowAdmin” has been added as the “Department” attribute for the user “User1 forFMEFlowadmin”.
Map User field attributes on Azure AD
- Navigate to the SAML enterprise app you previously created.
- In the left pane, go to “Single Sign-on” under the “Manage” section.
- Click on “Edit” under the “Attributes & Claims” section.
- Create or edit claims to map them to the required user attributes. Based on the attributes required on the FME Flow Web UI, we have added the five claims below:
Set up attribute mapping in FME Flow
- Go to FME Flow and set up values for the attribute mapping. Use the same values as the “Claim name” set in the previous step.
- Create roles in FME Flow with the same names as the SAML-side user groups. This step is required for the roles to map correctly.
- Log in as the three new SAML users and confirm the correct access/role levels.
- Browse to User Management > Users in FME Flow. As an admin, you should see the proper fields populated for the users.
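A check for the two requirements above (claim names identical on both sides, and a role named after each group), as an added example that is not Safe Software's or Microsoft's code: it reads the AttributeStatement of a decoded SAML assertion and reports mapped claims that are missing and group values with no matching role. The assertion, claim names, mapping keys and role list are constructed placeholders, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of a decoded assertion captured from your own IdP during setup.
# Claim names and values are placeholders, not the five claims configured on the page.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>user1@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstname"><saml:AttributeValue>User1</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>FMEFlowAdmin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping: service-provider field -> claim name entered on the SP side.
MAPPING = {"email": "email", "first_name": "firstname", "last_name": "lastname", "role": "department"}
# Hypothetical list of role names that exist on the service provider.
ROLES = {"FMEFlowAdmin", "FMEFlowAuthor"}

def read_claims(assertion_xml):
    """Return {claim name: [values]} from every AttributeStatement in the document."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = values
    return claims

def check_mapping(assertion_xml, mapping, roles, role_field="role"):
    """List mapped claims absent from the assertion and group values with no role."""
    claims = read_claims(assertion_xml)
    problems = []
    for field, claim in mapping.items():
        if claim not in claims:
            # Exact comparison (an assumption): the page says to use the same values.
            problems.append(f"{field}: claim '{claim}' not in assertion")
    for value in claims.get(mapping.get(role_field), []):
        if value not in roles:
            problems.append(f"{role_field}: no role named '{value}'")
    return problems

if __name__ == "__main__":
    for problem in check_mapping(SAMPLE_ASSERTION, MAPPING, ROLES):
        print(problem)
```

An empty result means every mapped claim name was found and every group value has a role of the same name; a user whose group has no matching role is reported before they attempt to log in.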