SAML Assertion Attributes

After you have created a service provider (SP) profile for OpenAir and imported the OpenAir SAML metadata into your IdP service, you need to ensure that SAML assertions contain the required attributes with the appropriate OpenAir sign-in identifiers.

The following table lists both required and optional assertion attributes and the OpenAir sign-in identifiers they map to.

| Attribute | Required / Optional | Description |
| --- | --- | --- |
| NameID | Required | OpenAir User ID — The unique user identifier (Employee ID on the employee demographic form in OpenAir). Important: Depending on your IdP configuration, you may not be able to map NameID to the source attribute containing the OpenAir User ID. For example, the IdP service may use NameID as a transient identifier for session management. If this is the case: • The assertion must contain both NameID and user_nickname attributes. • Use user_nickname to send the OpenAir User ID in the SAML assertion. |
| user_nickname | Optional | If specified, user_nickname takes precedence over NameID for identifying the user. You can use user_nickname to send the OpenAir User ID in the SAML assertion if NameID cannot be used. |

Note:

The attribute account_nickname is no longer required. The OpenAir SAML endpoint is unique to your OpenAir account and to each IdP profile.
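
The NameID and user_nickname rules in the table above can be checked against an assertion captured from your IdP before you enable sign-in. The following Python sketch is an added example, not OpenAir code: the sample assertion and its values are constructed, the function name is hypothetical, and it assumes the assertion element is the document root. It checks attribute mapping only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample: the IdP uses NameID as a transient session identifier,
# so the OpenAir User ID is sent in user_nickname. All values are made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3f1c9a7e</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="user_nickname">
      <saml:AttributeValue>jsmith</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_assertion(xml_text):
    """Return (user_id, source, warnings) for one assertion (hypothetical helper)."""
    root = ET.fromstring(xml_text)  # assumption: <saml:Assertion> is the root element
    name_id = root.find("./saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("NameID is required but missing or empty")

    nickname = None
    for attr in root.iterfind("./saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "user_nickname":
            value = attr.find("saml:AttributeValue", NS)
            if value is not None:
                nickname = (value.text or "").strip()

    # user_nickname, when specified, takes precedence over NameID.
    # Assumption: an empty value is treated here as "not specified".
    if nickname:
        return nickname, "user_nickname", []

    warnings = []
    if name_id.get("Format") == TRANSIENT:
        warnings.append("NameID is transient and no user_nickname was sent")
    return name_id.text.strip(), "NameID", warnings


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION))
```

A warning from this check means the value that would be used to identify the user is a session identifier rather than the OpenAir User ID, which is the case the Important note describes.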
