Page created: 9 Feb 2021 |
Page updated: 16 Jul 2021
You can choose a name identifier for your WS-Federation Browser single sign-on (SSO) configuration on the Identity Mapping tab. Your selection might affect the way the service provider (SP) looks up and associates your users to their local accounts.
Select the type of name identifier that you and your SP have agreed to use.
Option Description Email Address This attribute is commonly used as a unique identifier for SSO and single logout (SLO). Make this selection, for example, if a user logs in using an email address or if the information is available for lookup in a local datastore. User Principal Name The username or other unique ID of the subject initiating the transaction. Make this selection, for example, if a username will be available from the current user session as part of a cookie or can be derived from a local datastore. Common Name This selection provides for anonymous SSO to your SP, generally using a hard-coded generalized sign on. Make this selection if your partner agreement involves a many-to-one use case, such as if the SP has a group account set up for all users in a particular domain.
- Click Next to save your changes.