For SAML 2.0 connections, the server can be configured to use only assertion attributes for user provisioning, or to retrieve more attributes from the identity provider (IdP) in a follow-on attribute query transaction.
The User Attributes tab displays the attributes expected in the assertion from this IdP.
The attribute query is a SAML 2.0 profile. For OpenID Connect, SAML 1.x, and WS-Federation connections, this tab is not presented. PingFederate uses only attributes from the assertion for user provisioning.
If you and your IdP partner have agreed to use the Attribute Query profile for
provisioning, select that option before leaving this tab.
You configure the attribute query profile later in the task flow.