For SAML 2.0 connections, the server can be configured to use only assertion attributes for user provisioning or to retrieve more attributes from the IdP in a follow-on Attribute Query transaction. The User Attributes screen displays the attributes expected in the assertion from this IdP.

User Attributes

Attribute Query is a SAML 2.0 profile. For OpenID Connect, SAML 1.x, and WS-Federation connections, this screen is not presented; PingFederate uses only attributes from the assertion for user provisioning.

  • If you and your IdP partner have agreed to use the Attribute Query profile for provisioning, select that option before leaving this screen.
    You configure the Attribute Query profile later in the task flow.