Attribute Mapping
Application attributes contain descriptive information about the individual users. Each attribute has a label and one or more values associated with it.
Note: Satori automatically provisions the following attributes:
- First Name
- Last Name
- Email Address
- Manager ID
- Groups
Customize Attribute Mapping for Okta
-
To add additional attributes to your SCIM provisioning, follow the Okta instructions here.
-
Map your attributes to the specific Satori namespace:
urn:ietf:params:scim:schemas:extension:satoricustom:2.0:User:FIELDNAME
where FIELDNAME is the desired and existing attribute you wish to map.
Customize Attribute Mapping for Azure
Perform the following steps in Azure to allow synchronization of additional attributes from Azure to Satori:
-
Map the desired user attribute field using the Azure attribute mapping.
-
Map your attributes to the specific Satori namespace:
urn:ietf:params:scim:schemas:extension:satoricustom:2.0:User:FIELDNAME
where FIELDNAME is the desired and existing attribute you wish to map. -
Because this area of Azure is deeply nested and difficult to find in their UX, we have provided a short tutorial video on this subject.
-
Once you follow these steps, the next time your SCIM provisioning runs, the new fields will show up in the user profiles in Satori.
-
More information on this Azure subject can be found here
Adding Satori Control Attributes
Satori control attributes allow Satori to manage control access for varification of the users identity.
To enable this feature perform the following:
Map your control attributes to the specific Satori namespace:
urn:ietf:params:scim:schemas:extension:satoricontrolattributes:2.0:User
The following attibutes can be utilized by Satori to provide you with the ability to authenticate users in addition to the email address.
Optional Aliases Attibute
These aliases are used by Satori to identify the user when logging in to the datastore using an alias.
Key: aliases
Type: string array
For Example
["alias1","alias2"]
Optional RAW Aliases Attibute
If your IdP does not allow you to map under the namespace an attribute with a string array type you can map aliases to a comma separated string.
Key: rawAliases
Type: string
For Example
“alias1,alias2,alias3”
NOTE: If you define both types of aliases (
aliases
&rawAliases
) under the namespace then thealiases
key attribute will take precedence.