Identity Provider attributes for Security Assertion Markup Language
Use the attributes that the Identity Provider (IdP) returns in the Security Assertion Markup Language (SAML) response or through OpenID Connect (OIDC) as filter criteria for authentication.
To fetch all the attributes from an IdP through the SAML response, perform a test connection with the IdP. After a successful test connection, the attributes are added in a new tab on the Identity Provider configuration page.
- The Identity Provider filter is available with the Zero Trust Access feature. For more information, see Zero Trust Access (ZTA).
- IdP attribute filter criteria can be used in the Post-authentication context, Zero Trust Access (ZTA) session relegation, and the Multi-factor Authentication context.
You can also add attributes by selecting New from the Identity Provider Attributes section, and use those attributes for Adaptive Authentication by setting Use in Adaptive Authentication to true.
The Identity Provider Attributes are displayed with the following details:
| Field | Description |
|---|---|
| Name | Attribute name that is provided by the Identity Provider. |
| Display Name | Detailed name that is used for the filter criteria. Note: You can provide a readable name as the Display Name, because in some cases the names provided by Identity Providers are lengthy and not readable. |
| Default Value | Value that is used for filter criteria evaluation if the attribute is missing from the SAML response. |
| Use in Adaptive Authentication | Option to use the attribute in Adaptive Authentication. |
You can also add new attributes by selecting New in the Identity Provider Attributes section.
If Use in Adaptive Authentication is set to true, the selected attribute is added as a filter criterion in the Generic Filter Criteria. For example, when Use in Adaptive Authentication is set to true for risk_score, a new filter is created on the Generic Filter Criteria page.
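The following added example (not the product's own code) illustrates how the Default Value field behaves when an attribute is absent from the SAML response. It parses a constructed AttributeStatement and resolves only the attributes flagged for Adaptive Authentication. The attribute definitions, the claim URI, and the default of 100 for risk_score (which assumes a higher score means higher risk, so a missing attribute is treated as risky) are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; assumed to come from an assertion whose signature was already verified.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.example.com/claims/department">
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>staff</saml:AttributeValue>
      <saml:AttributeValue>vpn-users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical definitions mirroring the table fields: Name, Display Name,
# Default Value, Use in Adaptive Authentication.
ATTRIBUTE_DEFS = [
    {"name": "http://schemas.example.com/claims/department",
     "display_name": "Department", "default": "unknown", "adaptive": True},
    {"name": "risk_score", "display_name": "Risk score", "default": "100", "adaptive": True},
    {"name": "groups", "display_name": "Groups", "default": "", "adaptive": False},
]

def saml_attributes(assertion_xml):
    """Map each Attribute Name to its list of AttributeValue strings."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def filter_inputs(assertion_xml, defs):
    """Resolve attributes flagged for adaptive authentication, using defaults when absent."""
    found = saml_attributes(assertion_xml)
    resolved = {}
    for d in defs:
        if not d["adaptive"]:
            continue  # not exposed as filter criteria
        values = found.get(d["name"])
        resolved[d["display_name"]] = {
            "values": values if values else [d["default"]],
            "from_default": not values,  # True when the IdP did not send the attribute
        }
    return resolved
```

Tracking `from_default` separately makes it possible to log or alert when a filter decision rested on a default rather than on a value the IdP actually asserted.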