Assigning the Local Roles Based on Remote Roles and Attributes

You can configure attributes based on the role you select in the Attribute set field. You can then log in and authenticate based on the roles federated in the Origin Identity Provider, Target Service Provider, and Brokering Service Provider configurations.

Origin Identity Provider Role Attribute Configuration

  1. Click Devices > Identity Servers > Shared Settings > Attribute Sets > Mapping > New.

  2. Select the local attribute name from the list.

  3. Enter the remote attribute name for the selected local attribute.

  4. Click OK.

  5. Click Devices > Identity Servers > Edit > SAML 2.0 > Trusted Providers > (Broker Identity under the Identity Providers list) > Configuration > Attributes.

  6. Select the role from Attribute set.

  7. Using the arrows, map the attributes in Send with Authentication and Available List.

  8. Click Apply to map the set role and attribute of the origin Identity Provider.

Allowed Service Provider Role Attribute Configuration

  1. Click Devices > Identity Servers > Shared Settings > Attribute Sets > Mapping > New.

  2. Select the local attribute name from the list.

  3. Specify the remote attribute name for the selected local attribute.

  4. Click OK.

  5. Click Devices > Identity Servers > Edit > SAML 2.0 > Service Providers > (Broker Identity under the Service Providers list) > Configuration > Attributes.

  6. Select the role from Attribute set.

  7. Map the attributes in Send with Authentication and Available List.

  8. Click Apply.

Brokering Service Provider Role Attribute Configuration

The roles set and the attributes configured in the origin identity provider and the target service provider are added and mapped in the brokering service provider attribute configuration.

  1. Click Devices > Identity Servers > Shared Settings > Attribute Sets > Mapping > New.

  2. Select the local attribute name from the list.

  3. Enter the remote attribute name for the selected local attribute.

  4. Click OK to add the remote attribute name.

  5. Click Devices > Identity Servers > Brokering or click Devices > Identity Servers > Edit > SAML 2.0 > Service Providers > (Broker Identity under the Service Providers list) > Configuration > Attributes.

  6. Select the role from Attribute set.

  7. Using the arrows, map the attributes in Send with Authentication and Available List.

  8. Click Apply to set the role and configure the attribute mappings.
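
The following sketch models the local-to-remote attribute name mapping that the three procedures configure. It is an added example, not Access Manager code. The attribute names, the sample statement, and the rule that attributes outside the attribute set are dropped are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed attribute set: local attribute name -> remote attribute name.
ATTRIBUTE_SET = {"role": "memberOf", "mail": "emailAddress"}
# Constructed "Send with Authentication" selection (local names).
SEND_WITH_AUTH = ["role"]

# Constructed AttributeStatement, taken from an assertion whose signature
# is assumed to have been validated already.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="memberOf">
    <saml:AttributeValue>Manager</saml:AttributeValue>
    <saml:AttributeValue>Employee</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="emailAddress">
    <saml:AttributeValue>user@example.test</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="isAdmin">
    <saml:AttributeValue>true</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def received_attributes(statement_xml):
    """Return {remote name: [values]} from an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    out = {}
    for attr in root.findall("saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def to_local(remote_attrs, attribute_set):
    """Rename remote attributes to local names; names not in the set are dropped."""
    remote_to_local = {remote: local for local, remote in attribute_set.items()}
    return {remote_to_local[n]: v for n, v in remote_attrs.items() if n in remote_to_local}

def to_send(local_attrs, attribute_set, send_list):
    """Build outgoing attributes: only selected local names, under their remote names."""
    return {attribute_set[n]: local_attrs[n] for n in send_list
            if n in attribute_set and n in local_attrs}
```

In this model, the constructed `isAdmin` attribute never becomes a local attribute because no mapping names it, and only `role` is sent onward because it is the only entry in the send list.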