Help Document
Required SAML Attributes for Just-In-Time Provisioning

    Magentrix SSO supports Just-In-Time Provisioning via SAML. The following SAML attributes must be mapped in your Identity Provider for Just-In-Time Provisioning to function properly.

    Note that when creating SAML assertions, the prefix ‘User.’ must be used for all fields passed in the SAML assertion. For example, if Username is the field being asserted, it must be entered as “User.Username”. See the following:

    <saml:Attribute Name="User.Username"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue xsi:type="xs:anyType">testuser@123.org</saml:AttributeValue>
    </saml:Attribute>

    Attribute Fields Accepted by Magentrix SSO

    Field Name        Required   Comments
    AccountId                    Only applicable to community users
    Alias
    City
    ContactId                    Only applicable to community users
    Country
    Currency                     Currency culture value such as: en-US
    CurrencyIsoCode              Two-Letter ISO Code (Only required when multi-currency is enabled)
    Description
    Email             Yes
    Firstname         Yes
    IsActive
    Language
    Lastname          Yes
    Locale                       e.g. en-US or es-MX
    ManagerId                    Only applicable to employee users
    MobilePhone
    Organization
    Phone
    PostalCode
    RoleId            Yes
    State
    Street
    Timezone                     Based on Microsoft list of time zone values (Name of time zone)
    Title
    Username          Yes        Usually email address is used as the username

    Magentrix has three user role types: Employee users, Partner users, and Customer users. The role type is determined by the Role ID. If this assertion is not given, Magentrix will create new users with the default user role chosen in Company Preferences > Application Self-Registration Settings or Custom Community settings (whichever is used).

    Creating Community Users (Customers or Partners) requires an Account ID and a Contact ID.

    The “User.AccountId” attribute can be provided as an ID value or as the Account Record Name. If the corresponding record in the CRM is found, then the community user will be associated with the Account. If the Account ID assertion is not provided, users will automatically be given the bucket account ID from Company Preferences > Application Self-Registration Settings (if provided).

    The “User.ContactId” attribute can be provided to match the contact associated with the community user. You can provide the Contact ID value or an email address to match the contact record in the CRM. If the Contact ID assertion is not given, Magentrix first checks for the “Contact.Email” attribute; if it is provided and there is a match, the existing contact’s ID will be linked to the new community user.

    You can also use user provisioning to create Account and Contact records in the CRM when necessary for community users. For example, by prefixing attributes with “Account.” or “Contact.”, you can populate standard or custom fields in these records.
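
    Before enabling Just-In-Time Provisioning, a test assertion from your Identity Provider can be checked against the table and prefix rules above. The script below is an added example, not Magentrix code: it lints attribute names only and does not validate signatures. The function names, the finding labels, the case-sensitive name matching and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
REQUIRED = {"Email", "Firstname", "Lastname", "RoleId", "Username"}  # "Yes" rows in the table
ACCEPTED = REQUIRED | {
    "AccountId", "Alias", "City", "ContactId", "Country", "Currency", "CurrencyIsoCode",
    "Description", "IsActive", "Language", "Locale", "ManagerId", "MobilePhone",
    "Organization", "Phone", "PostalCode", "State", "Street", "Timezone", "Title"}
PREFIXES = ("User.", "Account.", "Contact.")

def lint_attributes(assertion_xml):
    """Return findings for the attributes of one test assertion from your own IdP."""
    # Assumption: names are compared case-sensitively, exactly as the table spells them.
    values = {}
    for attr in ET.fromstring(assertion_xml).iter("{%s}Attribute" % SAML):
        value = attr.find("{%s}AttributeValue" % SAML)
        values[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    findings = []
    for name in sorted(values):
        if not name.startswith(PREFIXES):
            findings.append("unprefixed: " + name)
        elif name.startswith("User.") and name[5:] not in ACCEPTED:
            findings.append("not-in-accepted-list: " + name)
    for field in sorted(REQUIRED):
        if not values.get("User." + field):
            findings.append("missing: User." + field)
    if not values.get("User.RoleId"):
        # Without a Role ID the default role from the tenant settings is applied.
        findings.append("role-fallback: default user role will be assigned")
    return findings

def sample_assertion(pairs):
    """Build a constructed, unsigned assertion fragment for the lint (not real IdP output)."""
    rows = "".join(
        '<saml:Attribute Name="%s" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">'
        '<saml:AttributeValue xsi:type="xs:anyType">%s</saml:AttributeValue></saml:Attribute>' % p
        for p in pairs)
    return ('<saml:Assertion xmlns:saml="%s" xmlns:xs="http://www.w3.org/2001/XMLSchema" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:AttributeStatement>'
            '%s</saml:AttributeStatement></saml:Assertion>' % (SAML, rows))

# Constructed sample: Firstname lacks the prefix, RoleId is absent, Nickname is not in the table.
SAMPLE = sample_assertion([
    ("User.Username", "testuser@123.org"), ("User.Email", "testuser@123.org"),
    ("Firstname", "Test"), ("User.Lastname", "User"), ("User.Nickname", "tu")])

if __name__ == "__main__":
    for finding in lint_attributes(SAMPLE):
        print(finding)
```

    The role-fallback finding is the one to review most closely, since a missing Role ID means every newly provisioned user receives whatever default role is configured.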

