NameID mapper

In the Advanced Identity Cloud admin console, create a script of type SAML2 NameID Mapper.

In the JavaScript field, write a script to set a custom value for the NameID attribute. For example, the following script replaces instances of .com with .org in a user’s email address. Alternatively, uncomment the call to getIdentityNameID to set NameID to the user’s first and last name.

/*
 * Retrieve nameID value from Java plugin and modify
*/
function getModifiedNameID() {
  var nameIDValue = nameIDScriptHelper.getNameIDValue();

  if (nameIDValue.includes(".com")) {
      return nameIDValue.replace(".com", ".org");
  }
  return nameIDValue;
}

/*
 * Use identity binding to gather attributes
*/
function getIdentityNameID() {
  var givenName = identity.getAttributeValues("givenName")[0];
  var lastName = identity.getAttributeValues("sn")[0];

  return givenName + "_" + lastName;
}

getModifiedNameID();
//getIdentityNameID();

Save your changes and close the editor.

In the Advanced Identity Cloud admin console, go to Applications > SAML App Name > Sign On and click Show advanced settings.

In Application Username, select Custom.

Select your script from the NameId Script list.

Save your changes.

Test your changes using an SP-initiated flow.

Verify that the SAML 2.0 assertion shows an updated value, for example:

<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
             NameQualifier="idp"
             SPNameQualifier="sp">bjensen@example.org</saml:NameID>