Step 2: Adding OCI IAM Identity Domain as a Service Provider (SP) in the Identity Provider (IdP)
- Add the OCI IAM Identity Domain as the service provider in your identity provider using the metadata downloaded earlier.
- Map the Name identifier (Name ID) value field as the username.
- The table below lists the SAML attributes that must be configured in the identity provider so that they are passed as assertions in the SAML response.
Table 1-1 SAML Attributes
| SAML Attribute Name | Attribute Description | Mandatory Attribute |
| --- | --- | --- |
| oc_userid | User Name | Yes |
| oc_surname | Family Name | Yes |
| oc_emailaddress | Primary Email | Yes |
| oc_preferredlanguage | User Preferred Language | No |
| oc_primaryworklocation | User’s primary work location. This is a mandatory single value user attribute that indicates the user’s primary work location. The primary work location can have the following values: <ENTERPRISE_ID>:E for multi chain customers derived from the user profile for those users who are at enterprise level. <CHAINCODE>:C for multi-chain customers derived from the user profile. For customers having only a single chain, the source value can be set to constant <CHAINCODE>:C for all users. <CHAINCODE> will be oc_orgcode. | Yes |
| oc_givenname | Given Name | No |
| oc_employeenumber | Employee Number | No |
| oc_telephonenumber | Mobile Number | No |
| oc_title | Title | No |
| oc_displayname | Display Name | No |
| oc_usertype | User Type. The possible values are: FULL-TIME EMPLOYEE, PART-TIME EMPLOYEE, TRAINEE, CONTRACTOR, CONSULTANT, OTHER | No |
| oc_orgcode | Enterprise or Chain Code | No |
| oc_workphonenumber | Work Phone Number | No |
| oc_userinitial | Honorific Prefix | No |
| oc_middlename | Middle Name | No |
| oc_honorificsuffix | Honorific Suffix | No |
| oc_timezone | User Timezone | No |
| oc_locale | User Locale | No |