User identifier and attributes
When a user logs into the marketplace using an external identity provider (IdP), essential data about the user is transmitted to confirm or provision the user’s identity. This topic describes the user identifier and attributes supported by AppDirect.
User identifier
Single sign-on (SSO) users must be identified by a unique and immutable identifier sent in the SAML assertion’s NameID element. The first time users log into the marketplace using SSO, this identifier is associated with their marketplace user record by setting the user’s external ID to this value, as shown in the following example.
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john.smith@example.com</saml:NameID>
…
</saml:Subject>
Supported attributes
AppDirect-powered marketplaces support automatic user creation, updating, and linking, using attributes that are included in the SAML response. The following table lists the supported attributes and when they are used.
Attribute | Description | Usage |
---|---|---|
FirstName | User’s first name. Required when Automatic user creation is enabled. | Create and update |
LastName | User’s last name. Required when Automatic user creation is enabled. | Create and update |
Email | User’s primary email address. Required when Automatic user creation or User account linking by email are enabled. | Create, update, and linking |
WorkEmail | User’s work email address | Create and update |
PersonalEmail | User’s personal email address | Create and update |
HomePhone | User’s home phone number | Create and update |
MobilePhone | User’s mobile phone number | Create and update |
WorkPhone | User’s work phone number | Create and update |
Title | User’s title | Create and update |
Country | User’s country | Create and update |
State | User’s state | Create and update |
BillingDay | User’s billing day of month (1-28) | Create |
Role | User’s company role. Must match one of the following values: SYS_ADMIN, BILLING_ADMIN, USER | Create |
Attribute names must exactly match those defined in the table above, as shown in the following example.
<saml:AttributeStatement>
  <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">john.smith@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">John</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Smith</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
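A pre-flight check for the attribute rules in the table above, written as an added example (it is not AppDirect code). The function name check_attributes and its auto_create and link_by_email flags are hypothetical stand-ins for the marketplace settings, and the sample statement is constructed and declares xmlns:saml itself, which the fragments on this page inherit from the enclosing assertion. It inspects a test statement exported from your own IdP and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from the table above; matching is exact and case-sensitive.
SUPPORTED = {"FirstName", "LastName", "Email", "WorkEmail", "PersonalEmail",
             "HomePhone", "MobilePhone", "WorkPhone", "Title", "Country",
             "State", "BillingDay", "Role"}
ROLES = {"SYS_ADMIN", "BILLING_ADMIN", "USER"}

def check_attributes(statement_xml, auto_create=True, link_by_email=False):
    """Return a list of problems found in a saml:AttributeStatement (hypothetical helper)."""
    root = ET.fromstring(statement_xml)
    values, problems = {}, []
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        name = attr.get("Name", "")
        value = attr.findtext("saml:AttributeValue", default="", namespaces=SAML_NS).strip()
        if name not in SUPPORTED:
            # A near miss (wrong case, stray whitespace) is the usual IdP mapping mistake.
            near = [s for s in SUPPORTED if s.lower() == name.strip().lower()]
            hint = f" (did you mean {near[0]!r}?)" if near else ""
            problems.append(f"unsupported attribute name {name!r}{hint}")
            continue
        values[name] = value
    required = set()
    if auto_create:
        required |= {"FirstName", "LastName", "Email"}
    if link_by_email:
        required.add("Email")
    for name in sorted(required):
        if not values.get(name):
            problems.append(f"missing required attribute {name!r}")
    if "Role" in values and values["Role"] not in ROLES:
        problems.append(f"Role {values['Role']!r} is not one of {sorted(ROLES)}")
    if "BillingDay" in values:
        day = values["BillingDay"]
        if not (day.isdecimal() and 1 <= int(day) <= 28):
            problems.append(f"BillingDay {day!r} is outside 1-28")
    return problems

# Constructed sample: wrong case on "email", invalid Role and BillingDay.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email"><saml:AttributeValue>john.smith@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="FirstName"><saml:AttributeValue>John</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role"><saml:AttributeValue>Admin</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="BillingDay"><saml:AttributeValue>31</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    print("\n".join(check_attributes(SAMPLE)))
```

Because the misspelled "email" attribute is not recognized, the check also reports Email as missing, which is the failure a case mismatch would produce when automatic user creation is enabled.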