Additional single sign-on attributes

When your identity provider sends its response to us (the service provider) in response to our request to authenticate a user, it will need to send their email address. This is the unique identifier - the nameID - that will identify them within the platform.

If there is no user with that email address already configured within the platform (which will be the case the first time they sign in, unless you have previously created an account for them) the system will attempt to set up a profile for them.

If the platform has only been provided with their email address, it will give them a default name and also a default role (our ‘Basic’ one).

However, you can pass their first name, their last name and/or a role id in the SAML assertion, if your identity provider supports doing so. If these attributes are passed, the system will use them when configuring that user.

You can set the following user attributes:

Attribute    Description
firstName    The user’s first name
lastName     The user’s last name
roleId       The id of the user’s role

These attributes can be passed in a SAML assertion:

<saml:AttributeStatement>
  <saml:Attribute Name="firstName">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">John</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="lastName">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Smith</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="roleId">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">abcdefgh</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
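Because roleId decides which role a newly created user receives, it is worth checking what your identity provider actually emits before enabling it. The following is an added example, not the platform's own code: a Python check that reads a captured assertion and reports the nameID, the supported attributes it carries, and any attribute names that would not match. It assumes the SAML 2.0 assertion namespace and that names must match the table above exactly; `provisioning_attributes` and the sample values are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUPPORTED = ("firstName", "lastName", "roleId")  # names from the table above

# Constructed sample: note the mis-cased "LastName" attribute.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>john.smith@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>John</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="roleId"><saml:AttributeValue>abcdefgh</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def provisioning_attributes(assertion_xml):
    """Return (email, attrs, ignored) for one assertion from your own IdP.

    attrs holds the supported attributes that were sent with a value; anything
    absent from it is left to the platform defaults. This inspects content
    only: it does not verify the assertion's signature, and ElementTree should
    not be pointed at XML from an untrusted source.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no NameID (email address)")
    attrs, ignored = {}, []
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        value = attr.find("saml:AttributeValue", NS)
        text = (value.text or "").strip() if value is not None else ""
        if name in SUPPORTED and text:
            attrs[name] = text
        else:
            ignored.append(name)  # unknown name or empty value
    return name_id.text.strip(), attrs, ignored


if __name__ == "__main__":
    email, attrs, ignored = provisioning_attributes(SAMPLE)
    print("nameID:", email)
    print("will be used:", attrs)
    print("not recognised:", ignored)
```

In the sample, the last name would fall back to the default because the attribute is named "LastName" rather than "lastName".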

If you have any other questions about single sign-on (SSO) with SAML, or private video hosting, please contact us: [email protected].

Updated: December 16, 2015