PingOne for Enterprise

Assign advanced attribute mappings

About this task

You will want to use advanced attribute mapping when:

  • Adding an application for your single sign-on (SSO) users, and one or more of the attributes for the application are different from the attributes used by the identity repository.

  • Customizing PingOne dock settings and you want to change one or more of the default attributes used by the identity repository.

In both cases, use advanced attribute mapping if the standard attributes available in the dropdown listing for an attribute assignment do not meet your needs, and you want to use advanced mode to customize an attribute.

Advanced attribute mapping mode enables you to modify the mapping of an identity repository attribute to an application attribute, or to assign more than one identity repository attribute to an application attribute (so the needed attribute can be used without altering the existing mapping).

Steps

  1. In advanced attribute mapping mode, you map additional identity repository attributes to the single application attribute. You can:

    • Select an identity repository attribute from a drop-down list.

    • Enter an identity repository attribute.

    • Click the As Literal checkbox and enter a literal value to assign.

    For attributes that aren’t literal values, you can select a transformation Function to apply to an attribute from the drop-down list. The following transformation functions are available:

    FilterByRegularExpression

    Apply a regular expression (regex) to the attribute value(s). Only values that match the regular expression are assigned to the attribute. For example, if you want the resulting value(s) to start with 'A' or 'b', use the regular expression '[Ab].*'.

    ExtractByRegularExpression

    Apply a regular expression (regex) to the attribute value(s). Any portion of a value that matches the regular expression is assigned to the attribute. For example, an incoming assertion uses memberOf, and you want only groups that match a specified list sent in the outgoing assertion. Assume the groups you want are A, B, C and D, and the incoming assertion contains the groups A, B, E, F in the memberOf attribute. In this case, your regular expression extracts only the group A and B values.

    GetDomainPartFromEmail

    Get the domain part from an email string. For example, get foo.com from "bob.smith@foo.com".

    GetFirstRelativeDN

    Get the first relative distinguished name (DN) from a DN string. For example, get Bob Smith from "CN=Bob Smith,OU=Sales,DC=Fabrikam,DC=com".

    GetLocalPartFromEmail

    Get the local part from an email string. For example, get bob.smith from "bob.smith@foo.com".

    Hash

    Apply a hashing algorithm to the attribute value. You will select the algorithm and the encoding format, choosing the settings from a dropdown list.

    For Hashing Algorithm, the options are:

    • MD5

    • SHA-1

    • SHA-256

    For Encoding Format, the options are:

    • hex

    • base64

    This setting is not available in the Attribute Mapping section on the Dock → Configuration page.

    PickByFieldsFromJsonList

    Pick the field values from a multivalued attribute that match the condition you specify. Each field value is a JSON object.

    PickPrimaryObjectsByTypeFromJsonList

    Pick the JSON object(s) from the list that have a primary field value of true, and a type field value equal to the condition value. If you do not specify a condition, the type value is ignored and all matching primary value objects are returned.

    PickPrimaryValueByTypeFromJsonList

    Pick the value field values of the JSON object(s) in the list, where the object’s primary field value is true and the type field value matches the condition value. If you do not specify a condition, the type value is ignored and all matching primary value objects are returned.

    Random

    Assign a random value to the attribute. You will need to supply the character length to use. You can also select to apply a hashing algorithm and encoding format to the random value, choosing the settings from a dropdown list.

    For Hashing Algorithm, the options are:

    • None (default)

    • MD5

    • SHA-1

    • SHA-256

    For Encoding Format, the options are:

    • None (default)

    • hex

    • base64

    This setting is not available in the Attribute Mapping section on the Dock → Configuration page.

    ToLowerCase

    Change all characters to lowercase.

    ToUpperCase

    Change all characters to uppercase.

  2. Click Close Advanced to save the attribute assignment.
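
The difference between FilterByRegularExpression and ExtractByRegularExpression, and the two Hash encodings, modelled locally in Python so a pattern can be checked before it is entered in the console. This is an added example, not PingOne code: it assumes that filter means a whole-value match (as the '[Ab].*' example implies) and that extract yields the first matching portion of each value, and the function names and sample group names are constructed.

```python
import base64
import hashlib
import re

# Local model only. Assumptions: "match" in FilterByRegularExpression means
# the whole value matches (consistent with the '[Ab].*' example), and
# ExtractByRegularExpression yields the first matching portion of each value.

def filter_by_regex(values, pattern):
    """Keep only the values that match the pattern in full."""
    rx = re.compile(pattern)
    return [v for v in values if rx.fullmatch(v)]

def extract_by_regex(values, pattern):
    """Keep the matching portion of each value; drop values with no match."""
    rx = re.compile(pattern)
    return [m.group(0) for m in map(rx.search, values) if m]

def hash_value(value, algorithm="SHA-256", encoding="hex"):
    """Hash a value with MD5, SHA-1 or SHA-256; encode as hex or base64."""
    name = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}[algorithm]
    digest = hashlib.new(name, value.encode("utf-8")).digest()
    if encoding == "hex":
        return digest.hex()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("encoding must be 'hex' or 'base64'")

if __name__ == "__main__":
    # The memberOf example from the text: wanted A, B, C, D; incoming A, B, E, F.
    print(extract_by_regex(["A", "B", "E", "F"], r"^(?:A|B|C|D)$"))

    # Constructed group names: an unanchored extract pattern turns the longer
    # name into the shorter one, so the outgoing assertion carries "Sales"
    # twice; the anchored pattern releases only the exact group.
    groups = ["Sales", "Sales-Contractors", "Engineering"]
    print(extract_by_regex(groups, r"Sales"))
    print(extract_by_regex(groups, r"^Sales$"))
    print(filter_by_regex(groups, r"Sales"))

    # Same digest, two encodings: the receiving application must expect the
    # one selected in the mapping.
    for enc in ("hex", "base64"):
        print(enc, hash_value("bob.smith@foo.com", "SHA-256", enc))
```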