When you select an external identity provider in the Administration Portal, the details page allows you to view and modify the following settings.
The first section of the details page provides the following information about the identity provider:
Setting | Description |
---|---|
Identity Provider Name | The friendly name for this identity provider (IdP). The Hyland Experience sign-in page displays this value as an authentication option for users whose email domains have been mapped to this IdP configuration. |
Entity ID | The globally unique SAML identifier of the IdP. |
Metadata URL | The URL from which SAML metadata will be collected. The SAML metadata must be provided through an internet-accessible URL. Importing a metadata file is not an available option. |
Minimum Assertion Signature Algorithm | The minimum signature algorithm allowed to process an assertion. |
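The following added example (not Hyland code) shows how a minimum signature algorithm policy can be checked against the SignatureMethod declared in a SAML assertion, failing closed for unsigned or unrecognized cases. The strength ordering, function names, and sample assertion are assumptions constructed for illustration; the check reads only the declared algorithm of an assertion-level signature and does not verify the signature itself.

```python
import xml.etree.ElementTree as ET  # use a hardened XML parser for untrusted input

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"

# Assumed ordering, weakest first; the portal's own option list is not shown here.
RANK = {SHA1: 1, SHA256: 2, SHA384: 3, SHA512: 4}


def assertion_signature_algorithm(xml_text):
    """Return the SignatureMethod URI of the assertion's own signature, or None."""
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return None
    # Look only at a ds:Signature that is a direct child of the Assertion,
    # not one nested deeper in the document.
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    return None if method is None else method.get("Algorithm")


def meets_minimum(xml_text, minimum_uri):
    """True only if the assertion declares a known algorithm at or above the minimum."""
    algorithm = assertion_signature_algorithm(xml_text)
    if algorithm not in RANK:  # unsigned or unrecognized algorithm: fail closed
        return False
    return RANK[algorithm] >= RANK[minimum_uri]


def sample_assertion(algorithm_uri=None):
    """Constructed sample: skeleton assertion with no real signature value."""
    sig = ""
    if algorithm_uri:
        sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
               '<ds:SignatureMethod Algorithm="%s"/>'
               '</ds:SignedInfo></ds:Signature>' % (NS["ds"], algorithm_uri))
    return ('<saml:Assertion xmlns:saml="%s" ID="_constructed">'
            '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
            '</saml:Assertion>' % (NS["saml"], sig))
```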
Bindings
The Bindings section specifies whether the identity provider should override the default binding for authentication requests or assertions.
Setting | Description |
---|---|
Override authentication request binding | Select to override the default binding used for authentication requests. The default request binding is HTTP-Redirect. |
Override assertion binding | Select to request a specific binding for assertions. |
Claim Type Mapping: Default Attributes
The Claim Type Mapping section maps claim types to attributes specified in SAML assertions.
The Default Attributes tab allows you to view and update the following mappings:
Setting | Description |
---|---|
External User ID | The attribute that specifies the user's persistent external identifier. The identifier must be unique to a single user. |
 | The attribute that specifies the user's primary email address. Each email address must be unique to a single user. |
Username | The attribute that specifies the user's username. If this claim type is not mapped, or if no username value is provided, then the email value is used instead. |
First Name | The attribute that specifies the user's first name. |
Last Name | The attribute that specifies the user's last name. |
User Groups | The attribute that specifies groups the user belongs to. |
Claim Type Mapping: Custom Attributes
The Custom Attributes tab allows you to view and update mappings for custom user attributes. Custom user attributes must be added to your Hyland Experience account before they can be mapped. If your account requires custom user attributes, please contact your Hyland support representative.
The following information is displayed for each mapped custom user attribute:
Setting | Description |
---|---|
Attribute | The display name of the custom user attribute. |
Source Claim Name | The name of the attribute as specified in SAML assertions from this identity provider. This value is case sensitive. |
To map another custom attribute for this identity provider, click Map Custom Attribute. This option is displayed only if your account has custom user attributes that are not yet mapped for this identity provider.
To remove a custom attribute mapping, click the trash button located next to the mapping. Removing a mapping does not affect existing user information stored for that attribute.
Email Domains
The Email Domains section allows you to change the email domains assigned to this identity provider. Only users with an assigned (selected) email domain are allowed to authenticate using this identity provider.
If an email domain is not listed, you can add it by clicking the Add Email Domain button. For information about adding email domains, see Adding an Email Domain.
Enable or Disable this Identity Provider
The Enable or Disable this Identity Provider section indicates whether this identity provider configuration is currently enabled.
Setting | Description |
---|---|
Enabled | Select to enable this identity provider for Hyland Experience user authentication. |
Disabled | Select to disable this identity provider. When disabled, an identity provider cannot be used for Hyland Experience user authentication requests, and it is not available as a sign-in option for Hyland Experience. |