Assign advanced attribute mappings
About this task
You will want to use advanced attribute mapping when:
-
Adding an application for your single sign-on (SSO) users, and one or more of the attributes for the application are different than the attributes used by the identity repository.
-
Customizing PingOne dock settings and you want to change one or more of the default attributes used by the identity repository.
In both cases, use advanced attribute mapping if the standard attributes available in the dropdown listing for an attribute assignment do not meet your needs, and you want to use advanced mode to customize an attribute.
Advanced attribute mapping mode enables you to modify the mapping of an identity repository attribute to an application attribute, or to assign more than one identity repository attribute to an application attribute (so the needed attribute can be used without altering the existing mapping).
Steps
-
In advanced attribute mapping mode, you map additional identity repository attributes to the single application attribute. You can:
Choose from:
-
Select an identity repository attribute from a drop-down list.
-
Enter an identity repository attribute.
-
Click the As Literal checkbox and enter a literal value to assign.
For attributes that aren’t literal values, you can select a transformation Function to apply to an attribute from the drop-down list. The following transformation functions are available:
- FilterByRegularExpression
-
Apply a regular expression (regex) to the attribute value(s). Only values that match the regular expression are assigned to the attribute. For example, if you want the resulting value(s) to start with 'A' or 'b', use the regular expression '[Ab].*'.
- ExtractByRegularExpression
-
Apply a regular expression (regex) to the attribute value(s). Any portion of a value that matches the regular expression is assigned to the attribute. For example, an incoming assertion uses
memberOf
, and you want only groups that match a specified list sent in the outgoing assertion. Assume the groups you want are A, B, C and D, and the incoming assertion contains the groups A, B, E, F in the memberOf attribute. In this case, your regular expression extracts only the group A and B values. - GetDomainPartFromEmail
-
Get the domain part from an email string. For example, get foo.com from "bob.smith@foo.com".
- GetFirstRelativeDN
-
Get the first relative distinguished name (DN) from a DN string. For example, get Bob Smith from "CN=Bob Smith,OU=Sales,DC=Fabrikam,DC=com".
- GetLocalPartFromEmail
-
Get the local part from an email string. For example, get bob.smith from "bob.smith@foo.com"
- Hash
-
Apply a hashing algorithm to the attribute value. You will select the algorithm and the encoding format, choosing the settings from a dropdown list.
For Hashing Algorithm, the options are:
-
MD5
-
SHA-1
-
SHA-256
For Encoding Format, the options are:
-
hex
-
base64
This setting is not available in the Attribute Mapping section on the Dock → Configuration page.
-
- PickByFieldsFromJsonList
-
Pick the field values from a multivalued attribute that match the condition you specify. Each field value is a JSON object.
- PickPrimaryObjectsByTypeFromJsonList
-
Pick the JSON object(s) from the list that have a
primary
field value of true, and atype
field value equal to the condition value. If you do not specify a condition, thetype
value is ignored and all matchingprimary
value objects are returned. - PickPrimaryValueByTypeFromJsonList
-
Pick the JSON object(s)
value
field values from the list, where the object’sprimary
field value is true and thetype
field value matches the condition value. If you do not specify a condition, thetype
value is ignored and all matchingprimary
value objects are returned. - Random
-
Assign a random value to the attribute. You will need to supply the character length to use. You can also select to apply a hashing algorithm and encoding format to the random value, choosing the settings from a dropdown list.
For Hashing Algorithm, the options are:
-
None (default)
-
MD5
-
SHA-1
-
SHA-256
For Encoding Format, the options are:
-
None (default)
-
hex
-
base64
This setting is not available in the Attribute Mapping section on the Dock → Configuration page.
-
- ToLowerCase
-
Change all characters to lowercase.
- ToUpperCase
-
Change all characters to uppercase.
-
-
Click Close Advanced to save the attribute assignment.