8.5 Configure SAML Advanced Settings

Applications > New Application > SAML Application > Advanced Settings

Single Sign-on provides advanced settings for the SAML applications if you need them. You define the advanced settings when you create the SAML application.

  1. While creating an application, select Advanced Settings.

  2. Use the following information to enable the advanced settings when creating a SAML application:

    NameID Format

    Select the attribute in the local Advanced Authentication repository to send as the NameID attribute to the connected application. You also define the format of the NameID attribute that Single Sign-on sends to the connected application:

    Transient (Default)

    Enable this option so that Single Sign-on generates a new value for the NameID attribute for each authentication. Because the value is generated, there is no attribute for you to select.

    Send E-Mail as NameID

    Enable this option to send the mail attribute from the Advanced Authentication repository to the connected application as the NameID attribute.

    NOTE: You cannot select any other attribute if you are using the user’s email as the NameID attribute.

    Persistent

    Enable this option to always use the value from the attribute that you select in the Advanced Authentication repository as the NameID attribute Single Sign-on sends to the connected application.

    Unspecified

    Enable this option to use a custom attribute as the NameID attribute. In NameID Attribute, select the appropriate attribute in the Advanced Authentication repository to send to the connected application to use as the NameID attribute.

    Allow Token Reuse

    Enable this option if you want to allow users to apply the one-time password (OTP) multiple times during authentication. This option is applicable for Email OTP, SMS OTP, and Voice OTP methods.

    OTP is an authentication method you configure to use in chains.

    Attribute Mapping

    Map the appropriate attributes in your local identity repository to the attributes in the SAML services. You map the attributes between your identity repository and the SAML service so that the two services can communicate. Select an attribute to see additional attributes that are available to select. Single Sign-on provides a list of default attributes.

  3. Select Done to save these options and close Advanced Settings.
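
The following added example (not part of the product documentation) checks, on the connected application's side, that the NameID in successive assertions for one user behaves as the selected NameID Format option implies. The URNs are the standard SAML NameID format identifiers; their pairing with the option names above, the function names, and the sample assertions are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Standard SAML NameID format URNs. Pairing them with the option names on this
# page is an assumption; confirm against a real assertion from your deployment.
FORMATS = {
    "Transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "Send E-Mail as NameID": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "Persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "Unspecified": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

def name_id(assertion_xml):
    """Return (format, value) of the Subject NameID in one assertion."""
    # Constructed samples only: parse untrusted XML with a hardened parser
    # and verify the signature before trusting any value.
    node = ET.fromstring(assertion_xml).find("./saml:Subject/saml:NameID", NS)
    if node is None:
        raise ValueError("assertion has no Subject/NameID")
    return node.get("Format"), (node.text or "").strip()

def check_logins(option, assertions):
    """Check NameIDs from successive logins of one user against the option."""
    expected, problems = FORMATS[option], []
    seen = [name_id(a) for a in assertions]
    for fmt, value in seen:
        if fmt != expected:
            problems.append(f"format {fmt!r} does not match {option}")
        if not value:
            problems.append("empty NameID value")
    values = [v for _, v in seen]
    if option == "Transient" and len(set(values)) != len(values):
        problems.append("transient NameID repeated across logins")
    if option != "Transient" and len(set(values)) > 1:
        problems.append("NameID changed between logins")
    if option == "Send E-Mail as NameID" and any("@" not in v for v in values):
        problems.append("NameID is not an e-mail address")
    return list(dict.fromkeys(problems))  # de-duplicate, keep order

def sample(fmt, value):  # constructed, unsigned assertion fragment
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
            f'</saml:Subject></saml:Assertion>')

if __name__ == "__main__":
    t = FORMATS["Transient"]
    print(check_logins("Transient", [sample(t, "_a1f3"), sample(t, "_9c2e")]))
    print(check_logins("Persistent", [sample(t, "_a1f3"), sample(t, "_9c2e")]))
```

An empty list means the observed NameIDs are consistent with the option; each string in a non-empty list names one mismatch to investigate in Advanced Settings.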