Single Sign-on displays the attributes to use when you want to create new user accounts. The Administration Console and the Application Portal display the attributes differently. Use the following information to understand how Single Sign-on displays the attributes to administrators and to the users.
Single Sign-on groups attributes together to help make it easier to create the user registration policy. Single Sign-on always requires that you include the User Email Addresses and User Name. These options are always located at the top of the list of the options to include the policy that you create.
The Password option is not required. If you do not include Password, then a password authentication auto-enrollment does not happen when Single Sign-on creates the account. If you do include Password, the Single Sign-on automatically enrolls the user in the Advanced Authentication PASSWORD chain.
The following table lists the group name with the associated SCIM attributes.
Table 3-1 Group Names and Corresponding SCIM Attributes
|
Group Name |
Single Attribute Name |
Attribute Name Displays below Group Name |
|---|---|---|
|
User Name |
|
|
|
Physical Mailing Address |
|
No attributes |
|
User Email Addresses* (REQUIRED) |
|
|
|
User Phone Numbers* |
|
|
|
User Instant Messing Specifiers* |
|
|
|
No Group |
|
No Group |
|
User Time Zone* |
|
NOTE:Items marked with an asterisk (*) appear in the Administration Console.
When the users select the option to create a new account, the Application Portal groups and displays the attributes differently from what is in the Administration Console. The Application Portal groups similar attributes to appear together in the UI, no matter what the administration selects in the Administration Console. The following describes how the Application Portal displays the groups and attributes to the users.
USERNAME is require and the most important part of the account. The Application Portal always lists it first.
(Conditional) PASSWORD is next, if you selected to require a password for the user.
EMAIL attribute is third in the list. It is a group with Email and Descriptive Name as attributes under the group.
The Application Portal lists all of the attributes in the User Name group next. If there is only one attribute, the Application Portal displays it as full display name, without the User Name group header. If there are two or more attributes, then the Application Portal displays the User Name group header with all of the children of the group that you selected.
Next, the Application Portal adds the Physical Mailing Address group. If there is just one attribute, then the Application Portal displays it with its full display name without the Physical Mailing Address group header. If there are two or more attributes, then the Application Portal displays the Physical Mailing Address group header with the attributes for this group header with all of the children of the group that you selected.
Next, the Application Portal displays the attributes in the User Phone Numbers group. If there is just one attribute, then the Application Portal displays it with the full display name without the User Phone Numbers group header. If there are two or more, then the Application Portal displays the User Phone Numbers group header with the attributes for this group header with all of the children of the group that you selected.
Next, the Application Portal adds the attributes in the User Instant Messaging Specifier group. If there is just one, then the Application Portal displays it with the full display name without the User Instant Messaging Specifier group header. If there are two or more, then the Application Portal displays the User Instant Messaging Specifier group header with all of the attributes for this group.
Lastly, all of the Application Portal displays the Miscellaneous attributes without a group header.