Pricing

Articles in this section

See more

Edit a mapping set

  • Updated:

Introduction

This article demonstrates how to map attributes from an identity provider to HelloID, or from HelloID to a single sign-on application.

For more background information on mapping, see Mapping - Overview.

To get started, go to Directory > Mapping Sets.

Edit an identity provider mapping set

For this example, we'll map attributes from Active Directory to HelloID. The process is nearly identical for other IdPs. Furthermore, Active Directory mapping sets contain both user and group mappings. Here, we'll only demonstrate user mappings. Group mappings use the same process.

Pull attributes from the IdP

Select the Edit link for the relevant IdP mapping set.

mceclip0.png

For this example, we'll select the Change attributes link for Active directory user.

mceclip1.png

Edit an existing attribute

A dialog box presents a list of attributes which will be pulled from the IdP during synchronization. Select the Edit link to see the details of a specific attribute. For this example, we'll edit the Last name attribute.

mceclip2.png

A second dialog box displays the mapping options for the Last name attribute.

mceclip4.png

Here, the IdP's sn attribute is being pulled out and assigned to an intermediary variable called lastName. Later, we'll assign this intermediary variable to a destination variable in the HelloID user schema.

Each attribute has five mapping options:

  • Display Name
    The label for the attribute, displayed in bold on the previous screen. Only for reference. Does not affect functionality.
  • Variable Name
    The name of the intermediary variable which will temporarily hold values pulled out of the IdP attribute specified in Source Field.
  • Source Field
    The name of the attribute to pull out of the IdP user schema.
  • Data Type
    The data type of the intermediary variable specified in Variable Name.
  • Required
    Whether the Source Field must be present to map a user into HelloID. If this toggle is turned on, but the Source Field attribute is empty or missing for the user in the IdP, no user will be mapped to HelloID during synchronization.

When you are finished, select the Close button to close the dialog box. Then select the Save button to commit your changes.

Add a new attribute

You can also pull custom attributes from the IdP's user schema. For example, let's assume our IdP user schema has a custom attribute called extensionAttribute1. To pull it out of the IdP, select the Add attribute button.

mceclip0.png

Fill out the fields as demonstrated below. These fields are defined above, in the Edit an existing attribute section.

mceclip1.png

 Select the Add attribute button to confirm.

mceclip2.png

When you are finished, select the Close button to close the dialog box. Then select the Save button to commit your changes.

Delete an existing attribute

To delete an attribute, select its Delete link.

mceclip3.png

When you are finished, select the Close button to close the dialog box. Then select the Save button to commit your changes.

Map attributes to HelloID

After you've specified which attributes to pull out of the IdP user schema and mapped them onto intermediary variables, you need to map these intermediary variables onto destination variables in the HelloID user schema.

To do so, select the Edit link for the relevant mapping set, and then select the Change mappings link. For this example, we'll continue with our Active Directory user example.

mceclip5.png

Edit an existing attribute

A dialog box presents a two-column list of attributes.

The left column contains the intermediary variables pulled from the IdP. These correspond to Variable Name fields under the Change attributes link, and are accessed using double curly brace notation.

The right column contains destination variables in the HelloID user schema, onto which we will map the intermediary variables. These do not use double curly brace notation.

Edit these mappings as needed.

mceclip6.png

When you are finished, select the Close button to close the dialog box. Then select the Save button to commit your changes.

Add a new attribute

You can also add custom attributes to HelloID user schema. For this example, we'll add a field for Extension Attribute 1, the custom attribute we previously pulled out of Active Directory. To do so, select the Add mapping button.

mceclip0.png

A new field appears at the bottom of the list. Enter the required information. Note that extensionAttribute1 is not auto-completed in the right column. This is because it doesn't exist yet. The attribute will be added to the HelloID user schema during the next synchronization.

mceclip1.png

When you are finished, select the Close button to close the dialog box. Then select the Save button to commit your changes.

Delete an existing attribute

To delete an attribute, select its X button.

mceclip2.png

When you are finished, select the Close button to close the dialog box. Then select the Save button to commit your changes.

Set identifier

When mapping attributes from IdPs other than Active Directory, you have the option to manually set the unique identifier. To do so, select the Set Identifier link.

mceclip3.png

mceclip4.png

Otherwise, the process is the same as described above.

Edit an application mapping set

Mapping attributes from HelloID to a single-sign on application follows the same general principles used when mapping from an IdP to HelloID, as described above. The actual workflow is slightly different, and works as follows.

The attributes under an application's Change attributes link represent those which are recognized by the external application's identity schema. Thus, they represent attributes which are potentially available to map onto the claim. Applications from the HelloID application catalog come pre-filled with the appropriate attributes, although you may modify them as needed. 

After the application's attributes are defined under the Change attributes link, you then use the Change mappings link to specify which of them will actually be included in the claim. In the right-hand column, you select the Display Name (as defined under the Change attributes link) to include that attribute in the claim. Then, in the left-hand column, you specify which attribute from the HelloID user schema will be mapped to it, using double curly brace notation.

When you add single sign-on applications to HelloID, especially those that rely on the Generic SAML connector, you will need to update these mappings to send the required attribute values.

Was this article helpful?
0 out of 0 found this helpful
Please visit our website for more information about HelloID (identity as a service).
Return to top