Step 4: Configure User Attributes and Claims
The Oracle Cloud Infrastructure Console enterprise application template is seeded with the required attributes, so there is no need to add any. However, you must make the following customizations:
- In the User Attributes & Claims section, click Edit in the upper-right corner. The Manage Claim panel appears.
- Next to the Name identifier value field, click Edit.
- Under Required claim, select Unique User Identifier (Name ID).
- Select Email address and change it to “Persistent.”
- For Source, select Attribute.
- For Source attribute, select user.userprincipalname.
- Click Save.
Table 1-1 SAML Attribute Mapping
SAML User Attribute Type | SAML User Attribute Name | IAM Domain User Attribute | Value | Mandatory Attribute |
---|---|---|---|---|
Attribute | #upper($(assertion.oc_ownercode)) | urn:ietf:params:scim:schemas:idcs:extension:custom:User:OC_UserOwnerCode | N/A | No |
Attribute | oc_employeenumber | urn:ietf:params:scim:schemas:idcs:extension:custom:User:OC_UserEmployeeNo | N/A | No |
Attribute | oc_primaryworklocation | urn:ietf:params:scim:schemas:idcs:extension:custom:User:OC_PrimaryWorkLocation | Mandatory Single Valued User Attribute. Indicates the user’s primary work location. Primary Work Location can have values <ENTERPRISE_IDCHAINCODE>:EC for multi chain customers derived from the user profile. For customers having only a single chain, the source value can be set to constant <ENTERPRISE_ID>:E <CHAINCODE>:C for all users. <ENTERPRISE_ID><CHAINCODE> will be oc_orgcode. This mapping is required and mandatory only if oc_primaryworklocation cannot be sent in the SAML claims from IdP. | Yes |
Figure 1-1 Attributes & Claims
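A check to run on a decoded test assertion after saving these settings, added here as an example (it is not Oracle's or Microsoft's code): it confirms that the NameID format is persistent and that oc_primaryworklocation is single valued. It assumes the claims are emitted under the exact names in Table 1-1 with no namespace prefix; the sample assertion is constructed and unsigned, and signature validation is out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def check_assertion(xml_text):
    """Return findings for one decoded SAML assertion; an empty list means OK."""
    # ElementTree expands internal entities, so refuse any DTD up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed")
    root = ET.fromstring(xml_text)
    findings = []

    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("NameID is missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        findings.append("NameID Format is %s, expected persistent" % name_id.get("Format"))

    # Group attribute values by claim name (exact names from Table 1-1 assumed).
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in vals if v)

    loc = attrs.get("oc_primaryworklocation", [])
    if not loc:
        findings.append("oc_primaryworklocation not in claims; the Table 1-1 mapping is required")
    elif len(loc) > 1:
        findings.append("oc_primaryworklocation has %d values, must be single valued" % len(loc))
    return findings


def sample(fmt, locations):
    """Build a constructed, unsigned assertion for the checks above."""
    vals = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in locations)
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Subject><saml:NameID Format="%s">user@example.com</saml:NameID>'
            '</saml:Subject><saml:AttributeStatement>'
            '<saml:Attribute Name="oc_primaryworklocation">%s</saml:Attribute>'
            '</saml:AttributeStatement></saml:Assertion>') % (fmt, vals)


if __name__ == "__main__":
    print(check_assertion(sample(PERSISTENT, ["CONSTRUCTED_VALUE"])))  # no findings
    print(check_assertion(sample(EMAIL, ["A", "B"])))  # two findings
```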
