You can now pass custom SAML attributes into Onit when a user logs in. This is a great way to keep information about users in sync with your own IT systems.
This feature requires an integration with a third party system called FusionAuth to help facilitate the passing of SAML attributes.
A FusionAuth Integration is similar to a standard SSO IDP integration. However, instead of Onit connecting directly to the IDP, FusionAuth will be configured to connect to the IDP and Onit will connect with FusionAuth.
Enablement of this feature will require some steps by Onit resources within FusionAuth itself. Below we'll cover the configuration steps that are taken within the OnitX Platform.
1. Go to Security under Administration
Prior to this step, Onit resources will do the work needed to get things set up in FusionAuth. Once that is configured, the setup can be finished within Onit.
Begin by going to the Security configuration page and selecting either "Single Sign On" or "Single Sign On and Password".
2. Check the 'Use Fusion Auth' checkbox.
When adding an IDP you'll see a new checkbox called "Use Fusion Auth". Enabling this checkbox reveals the additional fields needed for the FusionAuth integration.
3. Fill out the FusionAuth fields and define the Custom SAML attributes.
Information for these fields will come from the setup that was done in FusionAuth. A key field here is "Custom SAML attribute names". This is where you define the key names of the custom SAML attributes that you expect the IDP to pass in. If an attribute name is not entered here, that attribute will not be available in the following steps.
4. Go to the User Preference Provider
Next we'll go to the User Preference Provider to pass the defined SAML attributes into our User Profile records.
5. Add the same Custom SAML Attribute Names from Security to the SAML Attributes section of the User Preference Provider
At the bottom of the User Preference Provider you'll see a section titled "SAML Attributes". This section will allow you to map the attributes you defined above to fields on the User Profile app.
6. Mapped fields are updated for each user whenever they log in via FusionAuth
Whenever a user signs in using the IDP configuration enabled by FusionAuth, the custom SAML attributes specified above will automatically update in their User Profile. Based on these updated attributes, you can then set up tailored workflows in Onit to suit your specific needs.
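As an added illustration (not Onit's or FusionAuth's own code), the two-stage filtering the steps above describe: only attribute names declared under "Custom SAML attribute names" survive, and those are then mapped to User Profile fields by the SAML Attributes section. The sample assertion, attribute names and profile field names below are constructed assumptions.

```python
import xml.etree.ElementTree as ET

SAML2_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion: two declared attributes plus one
# ("managerEmail") that was NOT entered in the Security configuration.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="department">
      <saml:AttributeValue>Legal</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="costCenter">
      <saml:AttributeValue>CC-1042</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="managerEmail">
      <saml:AttributeValue>manager@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Names entered in "Custom SAML attribute names" (hypothetical values).
DECLARED_ATTRIBUTE_NAMES = {"department", "costCenter"}

# SAML Attributes mapping in the User Preference Provider
# (hypothetical User Profile field names).
PROFILE_FIELD_MAP = {"department": "profile_department",
                     "costCenter": "profile_cost_center"}


def extract_attributes(assertion_xml: str) -> dict:
    """Return every attribute in the AttributeStatement as name -> [values]."""
    root = ET.fromstring(assertion_xml)
    ns = {"saml": SAML2_ASSERTION_NS}
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", ns):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", ns)]
        attrs[attr.get("Name")] = values
    return attrs


def profile_updates(assertion_xml: str) -> dict:
    """Apply the declared-name allowlist, then the field mapping.
    Attributes not declared in Security never reach the User Profile."""
    updates = {}
    for name, values in extract_attributes(assertion_xml).items():
        if name not in DECLARED_ATTRIBUTE_NAMES or name not in PROFILE_FIELD_MAP:
            continue  # undeclared or unmapped: dropped, never written
        # single-valued attributes become a scalar; multi-valued stay a list
        updates[PROFILE_FIELD_MAP[name]] = values[0] if len(values) == 1 else values
    return updates
```

The example assumes the assertion has already been signature-verified upstream (that is FusionAuth's job in this design), so it only shows the allowlist and mapping, not trust validation.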