Configure Automatic User Imports From SAML
You can configure automatic user account creation and updates in CSM when users log in using SAML. Control the user data and group membership passed to CSM by mapping ADFS attributes to Business Object fields and Active Directory security groups to CSM Security Groups.
This feature is only supported when SAML is configured with Microsoft ADFS.
The process for configuring automatic user updates requires setup in ADFS and in CSM Administrator.
Task | Notes |
---|---|
1. In Microsoft ADFS, verify that Windows login IDs are used as the SAML name ID that identifies users. | See Use Windows Login as the Name ID. |
2. In Microsoft ADFS, verify that email addresses are not used as the SAML name ID that identifies users. | See Use E-mail Address as the Name ID. |
3. In Microsoft ADFS, configure the user attributes that will be passed to CSM. For example, create attributes such as first name, last name, and email address. | See Configure User Attributes in ADFS. |
4. In Microsoft ADFS, add a rule for every Active Directory security group that you want to map to a CSM Security Group. | See Map SAML Security Groups to CSM Security Groups. |
5. In CSM Administrator, verify that the type of ID set for the identity provider is Windows Login. | See Configure the SAML Identity Provider. |
6. In CSM Administrator, add the SAMLImport general attribute to the User Business Object. | See Add SAMLImport Attribute to User Business Object. |
7. In CSM Administrator, map attributes in the Business Object that stores user information to ADFS attributes. | See Map Active Directory User Attributes to CSM User Fields. |
8. In CSM Administrator, map Active Directory groups to CSM Security Groups. | See Map SAML Security Groups to CSM Security Groups. |
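
A check for the ADFS side of this procedure (steps 1 to 4), as an added example that is not part of the CSM or ADFS documentation: it parses a decoded SAML assertion captured from a test login and reports whether the name ID is a Windows login rather than an e-mail address, and whether the user attributes and group claims are present. The `DOMAIN\user` form, the attribute names, and the sample assertion are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumed attribute names; use the ones your ADFS issuance rules actually emit.
REQUIRED = [CLAIMS + "givenname", CLAIMS + "surname", CLAIMS + "emailaddress"]
GROUP = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample assertion (signature and conditions omitted).
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID>CONTOSO\\jdoe</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>jdoe@contoso.example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{GROUP}"><saml:AttributeValue>CSM-ServiceDesk</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return (problems, groups) for one decoded SAML 2.0 assertion.

    Offline sanity check only: it does not verify the signature.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = (root.findtext(".//saml:NameID", "", NS) or "").strip()
    if "@" in name_id:
        problems.append(f"NameID looks like an e-mail address: {name_id!r}")
    elif not re.fullmatch(r"[^\\\s]+\\[^\\\s]+", name_id):
        problems.append(f"NameID is not in DOMAIN\\user form: {name_id!r}")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        vals = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                if v.text and v.text.strip()]
        attrs.setdefault(attr.get("Name"), []).extend(vals)
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"missing or empty attribute: {name}")
    groups = attrs.get(GROUP, [])
    if not groups:
        problems.append("no group claims, so no CSM Security Group can be mapped")
    return problems, groups


if __name__ == "__main__":
    issues, found_groups = check_assertion(SAMPLE)
    print("groups:", found_groups)
    print("problems:", issues or "none")
```

Run it against an assertion from a test account before enabling the import, so a wrong name ID or a missing group rule shows up before it creates or updates CSM user records.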