GreenOrbit (GO) version 2.1 introduces the ability to sync any AD string attribute directly into GO Profile Directory.
The below article assumes that you have configured SAML successfully using our configuration guides and that any additional attributes are also configured within your SAML Identity Provider (IdP).
- Once a user from your organization logs into GO, all the attributes that are configured within your SAML Identity Provider (IdP) will automatically show within the SAML Mappings menu via the GO admin interface.
We have configured the following attributes within Azure (SAML IdP) as an example:
2. Next step is to select the type of attribute from the drop down box. All attributes should be set to Metadata (*with the exception of user.username and user.groups) which then allows you to match the corresponding Metadata field that exists within the Manage Metadata menu. Refer here to learn how to add/edit Metadata.
*Note that user.username should always be set to Username AND user.groups should always be set to Groups (if applicable)
3. Click Submit to save the changes. Then completely log out of GO and back in again for the changes to take effect.
4. View My Profile on the front-end to check whether the new data has successfully synced from Active Directory into your GO profile. (assuming that you have the relevant metadata fields showing in the master profile)
ADDING ADDITIONAL ATTRIBUTES AFTER THE FIRST CONFIGURATION
If you've configured the SAML Mappings the first time and then need to add additional attributes (for example, if we wanted to add user.department to the above), then you would need to add the additional attribute/s into the SAML IdP configuration first before then adding the attribute into GO SAML Mappings via the Add field at the top.
*PLEASE NOTE that the format of the attribute must be exactly the same as how it has been configured with the SAML IdP as this has the potential to impact logging in.
*Additional / Custom attributes are limited depending on the SAML IdP
* Note that for certain SAML Identity Providers you can map the profile image from Active Directory as the ThumbnailPhoto attribute. This will be dependent on your SAML IdP's support for this (e.g. ADFS supports this but Azure currently does not).
If you have been unsuccessful with syncing additional AD attributes, or have any questions please reach out to email@example.com