Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can make advanced claim configurations based on the basic configurations you have made.

Expand
titleClick here for more information on when advanced claims are useful
Info
titleProvisioning scenarios where advanced claims are useful

The following scenario expands on two different scenarios where provisioning happens. For both these scenarios, advanced claims are very useful.

Image Added

In the above scenario, Google Apps is configured as an identity provider in the Identity Server. When a user is added to the management console of the Identity Server, the user is provisioned to Google Apps using the Google Apps identity provider configuration in the Identity Server.

The next scenario is for Just-In-Time (JIT) provisioning. Salesforce is the service provider and Facebook is the identity provider configured in the Identity Server. When JIT provisioning is configured the user is provisioned to the user store configured in the Identity Server. If the same user store is configured in the Google Apps identity provider configuration and JIT provisioning is enabled, the user is provisioned there as well.

In both these scenarios, only some specific user attributes must be configured for provisioning as the claims are different for both Facebook and Google Apps and also for the Identity Server and Google Apps.

 

  • If you chose to Use Local Claim Dialect in the Basic Claim Configuration, do the following.
    1. When you send provisioning requests from the Identity Server to the external identity provider, it may not be necessary to send all the requests. So, you can use the Provisioning Claim Filter to filter out the user attributes you need to send from the other available attributes. To use the Provisioning Claim Filter, select the claims that exist in the Identity Server from the dropdown list and click Add Claim. Clicking this button again enables you to add a new entry.
      Advanced Claim for local claims
    2. Enter a Default Value for your claim. This value is the default value used when provisioning this claim. This value will be used in all instances of this field, e.g., if all users are from one organization, you can specify the name of the organization as a default value using this field. Clicking the Delete button will remove this advanced claim.
  • If you chose to Define Custom Claim Dialect in the Basic Claim Configuration, do the following.
    1. Select the Identity Provider Claim URI you defined from the dropdown list and click Add Claim. Clicking this button again will add a new entry.
      Advanced Claim for custom claims
    2. Enter a Default Value for your claim. This value is the default value used when provisioning this claim. This value will be used in all instances of this field, e.g., if all users are from one organization, you can specify the name of the organization as a default value using this field. Clicking the Delete button will remove this advanced claim.