Attribute binding
Attribute binding links attribute names from PE to attributes in the identity provider. When configuring SSO, choose the names of the attributes for PE and map them to the corresponding values in your identity provider configuration.
There are no standard SAML attribute names, but attribute binding ensures PE and your identity provider can identify attributes from one another without having to call them the same thing. This capability allows you to connect PE to a variety of different identity providers.
For example, you might want to name the User attribute “uid” in PE, which corresponds to a unique user ID. When you configure attribute binding with your identity provider, map “uid” to the corresponding value your identity provider uses to identify the unique user ID, for example, “user.login”.
After configuring attribute binding for User in PE and in your identity provider, any time PE receives an assertion from the identity provider, it knows that “user.login” is the same thing as “uid”, and vice versa.
If you are connected to an LDAP external directory service, consider using the same attribute names you use in your LDAP configuration.
Attribute binding occurs for four attributes:
The login field that consistently identifies a given user across multiple platforms. If migrating from LDAP, this is the same as the "user login field".
Example: "uid"
Extracts the email address of the user.
Example: "email"
Displays a friendly name for the user, usually the first and last name.
Example: "name"
Automatically associates the user groups and their assigned roles in PE. The attribute maps to the "login" value of the user group.
Example: "group"
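The mapping described above, as an added example (not PE's own code) that resolves the attributes of an assertion through a binding table. Only "uid" and "user.login" come from the text; the other identity provider names, the sample values and the function name are assumptions, and the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# PE-side name -> identity provider name. "uid" -> "user.login" is the
# pairing from the text; the other IdP names are assumed for illustration.
BINDING = {
    "uid": "user.login",
    "email": "user.email",
    "name": "user.displayName",
    "group": "user.groups",
}

# Constructed sample AttributeStatement (not captured from a real IdP).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="user.login"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="user.email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="user.displayName"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="user.groups"><saml:AttributeValue>admins</saml:AttributeValue><saml:AttributeValue>operators</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="user.department"><saml:AttributeValue>IT</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def bind_attributes(statement_xml, binding=BINDING):
    """Return {PE name: value} using only the attributes named in the binding."""
    root = ET.fromstring(statement_xml)
    received = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        received[attr.get("Name")] = [v for v in values if v]
    bound = {}
    for pe_name, idp_name in binding.items():
        values = received.get(idp_name, [])
        if pe_name == "group":
            bound[pe_name] = values  # groups are multi-valued
        elif len(values) > 1:
            raise ValueError(f"ambiguous values for {idp_name!r}")
        else:
            bound[pe_name] = values[0] if values else None
    if not bound["uid"]:
        raise ValueError("assertion has no value for the bound user attribute")
    return bound
```

Attributes the binding does not name, such as "user.department" in the sample, are ignored, and an assertion that lacks the bound user attribute is rejected rather than matched on a similarly named one.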