SAML Attributes Required for Authentication
When users log in to Student Financial Aid (SFA), OCI IAM sends attributes in the SAML assertion to authenticate users.
If you're using an external identity provider, you need to populate these attributes so that users can log in.
This table lists the attributes that OCI IAM sends in the SAML assertion to authenticate users accessing the administration UI.
Name | Format | Type | Type Value | Condition |
---|---|---|---|---|
firstName | Basic | User Attribute | First name | None |
lastName | Basic | User Attribute | Last name | None |
emailAddress | Basic | User Attribute | Primary email | None |
roles | Basic | User Attribute | Group membership | All groups |
This table lists the attributes that OCI IAM sends in the SAML assertion to authenticate users accessing the Student/Parent Self-Service Portal.
Name | Format | Type | Type Value | Condition |
---|---|---|---|---|
studentID | Basic | Expression/Literal | urn:ietf:params:scim:schemas:idcs:extension:custom:User:studentID | None |
firstName | Basic | User Attribute | First name | None |
lastName | Basic | User Attribute | Last name | None |
roles | Basic | User Attribute | Group membership | All groups |
emailAddress | Basic | User Attribute | Primary email | None |
The studentID attribute is a custom schema attribute that SFA adds to your identity domain schema when you provision the SFA environment for the first time. Make sure that this attribute:
- Is populated with a student’s ID so that a student can successfully log in to Student Portal.
- Is populated with at least one student ID so that a guest user can successfully log in.
- Is of type String Array and must be of this type when included in the assertion from an IDP.
- Is presented in a comma-separated format: <studentID1>,<studentID2>, and so on.
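When an external identity provider populates these attributes, a pre-flight check of its AttributeStatement against the Student/Parent Self-Service Portal table catches misnamed or empty attributes before users hit a failed login. The following is an added example, not Oracle code: the function names and sample values are hypothetical, and it assumes the student IDs arrive as comma-separated text inside the AttributeValue.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"  # "Basic" in the tables
# Attribute names from the Student/Parent Self-Service Portal table (case-sensitive).
PORTAL_ATTRS = ("studentID", "firstName", "lastName", "roles", "emailAddress")

def build_statement(attrs, name_format=BASIC):
    """Build a constructed AttributeStatement for testing from {name: [values]}."""
    stmt = ET.Element(f"{{{SAML}}}AttributeStatement")
    for name, values in attrs.items():
        a = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name, NameFormat=name_format)
        for v in values:
            ET.SubElement(a, f"{{{SAML}}}AttributeValue").text = v
    return ET.tostring(stmt, encoding="unicode")

def check_portal_attributes(xml_text):
    """Return a list of problems; an empty list means the statement matches the table."""
    found = {}
    for a in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        vals = [(v.text or "").strip() for v in a.iter(f"{{{SAML}}}AttributeValue")]
        found[a.get("Name")] = (a.get("NameFormat"), vals)
    problems = []
    for name in PORTAL_ATTRS:
        if name not in found:
            problems.append(f"{name}: missing")
            continue
        fmt, vals = found[name]
        if fmt != BASIC:
            problems.append(f"{name}: NameFormat is not Basic")
        if not any(vals):
            problems.append(f"{name}: no value")
        elif name == "studentID":
            # Assumption: IDs arrive as <studentID1>,<studentID2> in the value text.
            ids = [i.strip() for v in vals for i in v.split(",")]
            if "" in ids:
                problems.append("studentID: empty entry in comma-separated list")
    return problems

# Constructed sample data, not taken from a real identity domain.
GOOD = build_statement({
    "studentID": ["S1001,S1002"], "firstName": ["Ana"], "lastName": ["Diaz"],
    "roles": ["GroupA", "GroupB"], "emailAddress": ["ana.diaz@example.edu"],
})
BAD = build_statement({  # attribute name differs in case: studentId
    "studentId": ["S1001"], "firstName": ["Ana"], "lastName": ["Diaz"],
    "roles": ["GroupA"], "emailAddress": ["ana.diaz@example.edu"],
})
```

This checks attribute names, format, and presence only; it does not verify the assertion's signature or conditions.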